cvelist / Gallagher / CVELIST:CVE-2021-23162
History: Nov 18, 2021 - 5:59 p.m.

CVE-2021-23162

2021-11-18 17:59:11
CWE-296
Gallagher
www.cve.org
cve-2021-23162
man-in-the-middle
mobile connect
gallagher command centre
android

CVSS3: 7.7
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

AI Score: 8.2
Confidence: High

EPSS: 0.001
Percentile: 44.1%

Improper validation of the cloud certificate chain in Mobile Connect allows a man-in-the-middle attacker to impersonate the legitimate Command Centre Server. This issue affects Gallagher Command Centre Mobile Connect for Android: version 15 prior to 15.04.040; version 14 and prior versions.

CNA Affected

[
  {
    "product": "Command Centre Mobile Connect for Android",
    "vendor": "Gallagher",
    "versions": [
      {
        "lessThanOrEqual": "14",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "15.04.040",
        "status": "affected",
        "version": "15",
        "versionType": "custom"
      }
    ]
  }
]
