CVE-2024-43107
First published: Mon Mar 10 2025(Updated: )
Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior.
Credit: disclosures@gallagher.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gallagher Milestone Integration Plugin | <4.0.32>undefined |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-43107?
CVE-2024-43107 has a high severity rating due to its potential to allow unauthenticated messages to the Gallagher Milestone Integration Plugin.
How do I fix CVE-2024-43107?
To fix CVE-2024-43107, upgrade the Gallagher Milestone Integration Plugin to version 4.0.32 or later.
What versions are affected by CVE-2024-43107?
CVE-2024-43107 affects Gallagher Milestone Integration Plugin versions 4.0 prior to 4.0.32, and all versions of 3.0 and prior.
What type of vulnerability is CVE-2024-43107?
CVE-2024-43107 is an improper certificate validation vulnerability, classified under CWE-295.
What risks are associated with CVE-2024-43107?
The risks associated with CVE-2024-43107 include the potential for unauthorized alarm events to be sent to the Gallagher Milestone Integration Plugin.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/gallagher
- canonical/gallagher milestone integration plugin