CVE-2021-23197
https://notcve.org/view.php?id=CVE-2021-23197
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3).
• https://security.gallagher.com/Security-Advisories/CVE-2021-23197
• CWE-428: Unquoted Search Path or Element
CVE-2021-23167
https://notcve.org/view.php?id=CVE-2021-23167
Improper certificate validation vulnerability in SMTP Client allows a man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4); version 8.20 and prior versions.
• https://security.gallagher.com/Security-Advisories/CVE-2021-23167
• CWE-295: Improper Certificate Validation
CVE-2021-23146
https://notcve.org/view.php?id=CVE-2021-23146
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.
• https://security.gallagher.com/Security-Advisories/CVE-2021-23146
• CWE-697: Incorrect Comparison
• CWE-1023: Incomplete Comparison with Missing Factors
CVE-2021-23162
https://notcve.org/view.php?id=CVE-2021-23162
Improper validation of the cloud certificate chain in Mobile Connect allows a man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Connect for Android 15 versions prior to 15.04.040; version 14 and prior versions.
• https://security.gallagher.com/Security-Advisories/CVE-2021-23162
• CWE-295: Improper Certificate Validation
• CWE-296: Improper Following of a Certificate's Chain of Trust
CVE-2021-23155
https://notcve.org/view.php?id=CVE-2021-23155
Improper validation of the cloud certificate chain in Mobile Client allows a man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065; version 8.50 and prior versions.
• https://security.gallagher.com/Security-Advisories/CVE-2021-23155
• CWE-295: Improper Certificate Validation
• CWE-296: Improper Following of a Certificate's Chain of Trust