Search criteria
2 vulnerabilities found for Milestone Integration Plugin by Gallagher
CVE-2024-43107 (GCVE-0-2024-43107)
Vulnerability from cvelistv5 – Published: 2025-03-10 02:44 – Updated: 2025-03-10 17:16
VLAI?
Summary
Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.
This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior.
Severity ?
7.2 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Milestone Integration Plugin |
Affected:
4.0 , < 4.0.32
(custom)
Affected: 0 , ≤ 3.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T17:13:06.673037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T17:16:47.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Milestone Integration Plugin",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "4.0.32",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImpact of this vulnerability is limited to\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;sites making use of the Gallagher Milestone Integration Plugin prior to v4.0.32.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Impact of this vulnerability is limited to\u00a0sites making use of the Gallagher Milestone Integration Plugin prior to v4.0.32."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epermits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.\u003cbr\u003eThis issue effects Gallagher MIPS Plugin\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ev4.0 prior to v4.0.32, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eall versions of v3.0 and prior.\u003c/span\u003e\n\n\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.\nThis issue effects Gallagher MIPS Plugin\u00a0v4.0 prior to v4.0.32, all versions of v3.0 and prior."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T02:44:03.188Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43107"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2024-43107",
"datePublished": "2025-03-10T02:44:03.188Z",
"dateReserved": "2024-08-28T02:46:11.149Z",
"dateUpdated": "2025-03-10T17:16:47.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43107 (GCVE-0-2024-43107)
Vulnerability from nvd – Published: 2025-03-10 02:44 – Updated: 2025-03-10 17:16
VLAI?
Summary
Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.
This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior.
Severity ?
7.2 (High)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Milestone Integration Plugin |
Affected:
4.0 , < 4.0.32
(custom)
Affected: 0 , ≤ 3.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T17:13:06.673037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T17:16:47.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Milestone Integration Plugin",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "4.0.32",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImpact of this vulnerability is limited to\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;sites making use of the Gallagher Milestone Integration Plugin prior to v4.0.32.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Impact of this vulnerability is limited to\u00a0sites making use of the Gallagher Milestone Integration Plugin prior to v4.0.32."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epermits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.\u003cbr\u003eThis issue effects Gallagher MIPS Plugin\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ev4.0 prior to v4.0.32, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eall versions of v3.0 and prior.\u003c/span\u003e\n\n\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.\nThis issue effects Gallagher MIPS Plugin\u00a0v4.0 prior to v4.0.32, all versions of v3.0 and prior."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T02:44:03.188Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43107"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2024-43107",
"datePublished": "2025-03-10T02:44:03.188Z",
"dateReserved": "2024-08-28T02:46:11.149Z",
"dateUpdated": "2025-03-10T17:16:47.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}