Vulnerability Details CVE-2021-23205
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.6%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 8.5
References
Products affected by CVE-2021-23205
-
cpe:2.3:a:gallagher:command_centre:*
-
cpe:2.3:a:gallagher:command_centre:-
-
cpe:2.3:a:gallagher:command_centre:7.70
-
cpe:2.3:a:gallagher:command_centre:7.80
-
cpe:2.3:a:gallagher:command_centre:7.80.939
-
cpe:2.3:a:gallagher:command_centre:7.80.960
-
cpe:2.3:a:gallagher:command_centre:7.90
-
cpe:2.3:a:gallagher:command_centre:7.90.0
-
cpe:2.3:a:gallagher:command_centre:7.90.1038
-
cpe:2.3:a:gallagher:command_centre:7.90.961
-
cpe:2.3:a:gallagher:command_centre:7.90.991
-
cpe:2.3:a:gallagher:command_centre:8.0
-
cpe:2.3:a:gallagher:command_centre:8.00
-
cpe:2.3:a:gallagher:command_centre:8.00.1128
-
cpe:2.3:a:gallagher:command_centre:8.00.1161
-
cpe:2.3:a:gallagher:command_centre:8.00.1228
-
cpe:2.3:a:gallagher:command_centre:8.00.1252
-
cpe:2.3:a:gallagher:command_centre:8.10
-
cpe:2.3:a:gallagher:command_centre:8.20
-
cpe:2.3:a:gallagher:command_centre:8.20.1093
-
cpe:2.3:a:gallagher:command_centre:8.20.1166
-
cpe:2.3:a:gallagher:command_centre:8.20.1218
-
cpe:2.3:a:gallagher:command_centre:8.30
-
cpe:2.3:a:gallagher:command_centre:8.30.1236
-
cpe:2.3:a:gallagher:command_centre:8.30.1299