CVE-2023-23570
First published: Mon Dec 18 2023(Updated: )
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.
Credit: disclosures@gallagher.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <=8.80 | ||
| >=8.90<8.90.1620 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-23570?
CVE-2023-23570 is classified as a medium severity vulnerability due to the potential for bypassing server-side security mechanisms.
How do I fix CVE-2023-23570?
To remediate CVE-2023-23570, upgrade Gallagher Command Centre to version vEL8.90.1620 (MR2) or later.
Which versions of Gallagher Command Centre are affected by CVE-2023-23570?
CVE-2023-23570 affects Gallagher Command Centre versions prior to vEL8.90.1620, including all versions of 8.80 and earlier.
What are the potential consequences of CVE-2023-23570?
Exploitation of CVE-2023-23570 may result in invalid configurations and undefined behavior due to the bypassing of security checks.
Is CVE-2023-23570 a server-side or client-side vulnerability?
CVE-2023-23570 is a client-side vulnerability that enables the bypassing of server-side security.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/last-modified-date
- agent/tags
- agent/source
- vendor/gallagher
- canonical/gallagher command centre
- version/gallagher command centre/8.80
- version/gallagher command centre/8.90