CVE-2024-42407

Summary

Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access.

This issue affects: Command Centre Server 9.10 prior to 9.10.2149 (MR4), 9.00 prior to 9.00.2374 (MR5), 8.90 prior to 8.90.2356 (MR6), all versions of 8.80 and prior.

Affected Software

VendorProductVersion RangeStatus
GallagherCommand Centre Server0 <= 8.80affected
GallagherCommand Centre Server9.10 < 9.10.2149 (MR4)affected
GallagherCommand Centre Server9.00 < 9.00.2374 (MR5)affected
GallagherCommand Centre Server8.90 < 8.90.2356 (MR6)affected

Weaknesses

  • CWE-532: CWE-532 Insertion of Sensitive Information into Log File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References