Vulnerability Details CVE-2021-23167
Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; version 8.20 and prior versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.8%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 4.3
References
Products affected by CVE-2021-23167
-
cpe:2.3:a:gallagher:command_centre:-
-
cpe:2.3:a:gallagher:command_centre:7.70
-
cpe:2.3:a:gallagher:command_centre:7.80
-
cpe:2.3:a:gallagher:command_centre:7.80.939
-
cpe:2.3:a:gallagher:command_centre:7.80.960
-
cpe:2.3:a:gallagher:command_centre:7.90
-
cpe:2.3:a:gallagher:command_centre:7.90.0
-
cpe:2.3:a:gallagher:command_centre:7.90.1038
-
cpe:2.3:a:gallagher:command_centre:7.90.961
-
cpe:2.3:a:gallagher:command_centre:7.90.991
-
cpe:2.3:a:gallagher:command_centre:8.0
-
cpe:2.3:a:gallagher:command_centre:8.00
-
cpe:2.3:a:gallagher:command_centre:8.00.1128
-
cpe:2.3:a:gallagher:command_centre:8.00.1161
-
cpe:2.3:a:gallagher:command_centre:8.00.1228
-
cpe:2.3:a:gallagher:command_centre:8.00.1252
-
cpe:2.3:a:gallagher:command_centre:8.10
-
cpe:2.3:a:gallagher:command_centre:8.10.1092
-
cpe:2.3:a:gallagher:command_centre:8.10.1134
-
cpe:2.3:a:gallagher:command_centre:8.10.1211
-
cpe:2.3:a:gallagher:command_centre:8.10.1253
-
cpe:2.3:a:gallagher:command_centre:8.10.1284
-
cpe:2.3:a:gallagher:command_centre:8.20
-
cpe:2.3:a:gallagher:command_centre:8.30
-
cpe:2.3:a:gallagher:command_centre:8.30.1236
-
cpe:2.3:a:gallagher:command_centre:8.30.1299
-
cpe:2.3:a:gallagher:command_centre:8.30.1359
-
cpe:2.3:a:gallagher:command_centre:8.40.1888
-
cpe:2.3:a:gallagher:command_centre:8.50