CVE-2024-43690 (GCVE-0-2024-43690)
Vulnerability from cvelistv5 – Published: 2024-09-11 04:04 – Updated: 2024-09-11 18:34
VLAI?
Summary
Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE).
This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), all versions of 8.70 and prior.
Severity ?
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | Command Centre Server |
Affected:
0 , ≤ 8.70
(custom)
Affected: 9.10 , < vEL9.10.1530(MR2) (custom) Affected: 9.00 , < vEL9.00.2168 (MR4) (custom) Affected: 8.90 , < vEL8.90.2155 (MR5) (custom) Affected: 8.80 , < vEL8.80.1938 (MR6) (custom) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gallagher:command_centre:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "command_centre",
"vendor": "gallagher",
"versions": [
{
"lessThanOrEqual": "8.70",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.10.1530(mr2)",
"status": "affected",
"version": "9.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.00.2168(mr4)",
"status": "affected",
"version": "9.00",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.90.2155(mr5)",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.80.1938(mr6)",
"status": "affected",
"version": "8.80",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T18:20:31.031982Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T18:34:36.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Command Centre Server",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.70",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vEL9.10.1530(MR2)",
"status": "affected",
"version": "9.10",
"versionType": "custom"
},
{
"lessThan": "vEL9.00.2168 (MR4)",
"status": "affected",
"version": "9.00",
"versionType": "custom"
},
{
"lessThan": "vEL8.90.2155 (MR5)",
"status": "affected",
"version": "8.90",
"versionType": "custom"
},
{
"lessThan": "vEL8.80.1938 (MR6)",
"status": "affected",
"version": "8.80",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE).\u003c/span\u003e\n\n\u003cp\u003e\u003cb\u003eThis issue affects:\u003c/b\u003e Command Centre Server and Command Centre Workstations\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e9.10 prior to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evEL9.10.1530 (MR2), \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e9.00 prior to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evEL9.00.2168 (MR4), \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.90 prior to vEL8.90.2155 (MR5), \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.80 prior to vEL8.80.1938 (MR6), \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eall versions of 8.70 and prior.\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE).\n\nThis issue affects: Command Centre Server and Command Centre Workstations\u00a09.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), all versions of 8.70 and prior."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T04:04:19.129Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43690"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2024-43690",
"datePublished": "2024-09-11T04:04:19.129Z",
"dateReserved": "2024-08-28T02:46:11.119Z",
"dateUpdated": "2024-09-11T18:34:36.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE).\\n\\nThis issue affects: Command Centre Server and Command Centre Workstations\\u00a09.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), all versions of 8.70 and prior.\"}, {\"lang\": \"es\", \"value\": \"La inclusi\\u00f3n de funcionalidad de Untrusted Control Sphere (CWE-829) en el servidor y las estaciones de trabajo del centro de comando puede permitir que un atacante realice una ejecuci\\u00f3n remota de c\\u00f3digo (RCE). Este problema afecta a: servidor y estaciones de trabajo del centro de comando 9.10 anteriores a vEL9.10.1530 (MR2), 9.00 anteriores a vEL9.00.2168 (MR4), 8.90 anteriores a vEL8.90.2155 (MR5), 8.80 anteriores a vEL8.80.1938 (MR6), todas las versiones de 8.70 y anteriores.\"}]",
"id": "CVE-2024-43690",
"lastModified": "2024-09-11T16:26:11.920",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"disclosures@gallagher.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.3, \"impactScore\": 6.0}]}",
"published": "2024-09-11T05:15:02.843",
"references": "[{\"url\": \"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43690\", \"source\": \"disclosures@gallagher.com\"}]",
"sourceIdentifier": "disclosures@gallagher.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"disclosures@gallagher.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-829\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-43690\",\"sourceIdentifier\":\"disclosures@gallagher.com\",\"published\":\"2024-09-11T05:15:02.843\",\"lastModified\":\"2024-09-11T16:26:11.920\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE).\\n\\nThis issue affects: Command Centre Server and Command Centre Workstations\u00a09.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), all versions of 8.70 and prior.\"},{\"lang\":\"es\",\"value\":\"La inclusi\u00f3n de funcionalidad de Untrusted Control Sphere (CWE-829) en el servidor y las estaciones de trabajo del centro de comando puede permitir que un atacante realice una ejecuci\u00f3n remota de c\u00f3digo (RCE). Este problema afecta a: servidor y estaciones de trabajo del centro de comando 9.10 anteriores a vEL9.10.1530 (MR2), 9.00 anteriores a vEL9.00.2168 (MR4), 8.90 anteriores a vEL8.90.2155 (MR5), 8.80 anteriores a vEL8.80.1938 (MR6), todas las versiones de 8.70 y anteriores.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"disclosures@gallagher.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"disclosures@gallagher.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-829\"}]}],\"references\":[{\"url\":\"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43690\",\"source\":\"disclosures@gallagher.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-43690\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-11T18:20:31.031982Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:gallagher:command_centre:-:*:*:*:*:*:*:*\"], \"vendor\": \"gallagher\", \"product\": \"command_centre\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.70\"}, {\"status\": \"affected\", \"version\": \"9.10\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.10.1530(mr2)\"}, {\"status\": \"affected\", \"version\": \"9.00\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.00.2168(mr4)\"}, {\"status\": \"affected\", \"version\": \"8.90\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.90.2155(mr5)\"}, {\"status\": \"affected\", \"version\": \"8.80\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.80.1938(mr6)\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T18:34:31.385Z\"}}], \"cna\": {\"source\": {\"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Gallagher\", \"product\": \"Command Centre Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.70\"}, {\"status\": \"affected\", \"version\": \"9.10\", \"lessThan\": \"vEL9.10.1530(MR2)\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"9.00\", \"lessThan\": \"vEL9.00.2168 (MR4)\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.90\", \"lessThan\": \"vEL8.90.2155 (MR5)\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.80\", \"lessThan\": \"vEL8.80.1938 (MR6)\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43690\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE).\\n\\nThis issue affects: Command Centre Server and Command Centre Workstations\\u00a09.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), all versions of 8.70 and prior.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eInclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE).\u003c/span\u003e\\n\\n\u003cp\u003e\u003cb\u003eThis issue affects:\u003c/b\u003e Command Centre Server and Command Centre Workstations\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e9.10 prior to \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003evEL9.10.1530 (MR2), \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e9.00 prior to \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003evEL9.00.2168 (MR4), \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e8.90 prior to vEL8.90.2155 (MR5), \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e8.80 prior to vEL8.80.1938 (MR6), \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eall versions of 8.70 and prior.\u003c/span\u003e\\n\\n\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-829\", \"description\": \"CWE-829 Inclusion of Functionality from Untrusted Control Sphere\"}]}], \"providerMetadata\": {\"orgId\": \"0c426f27-3ee1-4eff-be88-288d5a1822bc\", \"shortName\": \"Gallagher\", \"dateUpdated\": \"2024-09-11T04:04:19.129Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-43690\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-11T18:34:36.166Z\", \"dateReserved\": \"2024-08-28T02:46:11.119Z\", \"assignerOrgId\": \"0c426f27-3ee1-4eff-be88-288d5a1822bc\", \"datePublished\": \"2024-09-11T04:04:19.129Z\", \"assignerShortName\": \"Gallagher\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…