CVE-2021-23197 — MEDIUM (5.2)

Q: How severe is CVE-2021-23197?

CVE-2021-23197 has been rated MEDIUM with a CVSS base score of 5.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-23197?

Check the references section above for vendor advisories and patch information. Affected products include: Gallagher Command Centre.

Vulnerability Description

Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;

CVSS Score

5.2

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Gallagher	Command Centre	>= 8.50, < 8.50.2048

Related Weaknesses (CWE)

CWE-428

References

https://security.gallagher.com/Security-Advisories/CVE-2021-23197Vendor Advisory
https://security.gallagher.com/Security-Advisories/CVE-2021-23197Vendor Advisory

FAQ

What is CVE-2021-23197?

CVE-2021-23197 is a vulnerability with a CVSS score of 5.2 (MEDIUM). Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Galla...

How severe is CVE-2021-23197?

CVE-2021-23197 has been rated MEDIUM with a CVSS base score of 5.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-23197?

Check the references section above for vendor advisories and patch information. Affected products include: Gallagher Command Centre.