Vulnerability Description
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gallagher | Command Centre | <= 8.20 |
Related Weaknesses (CWE)
References
- https://security.gallagher.com/Security-Advisories/CVE-2022-26348Vendor Advisory
- https://security.gallagher.com/Security-Advisories/CVE-2022-26348Vendor Advisory
FAQ
What is CVE-2022-26348?
CVE-2022-26348 is a vulnerability with a CVSS score of 8.2 (HIGH). Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an...
How severe is CVE-2022-26348?
CVE-2022-26348 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26348?
Check the references section above for vendor advisories and patch information. Affected products include: Gallagher Command Centre.