{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-46686", "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "state": "PUBLISHED", "assignerShortName": "Gallagher", "dateReserved": "2023-11-01T22:24:52.286Z", "datePublished": "2023-12-18T22:01:03.342Z", "dateUpdated": "2024-10-01T15:59:10.520Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Command Centre Diagnostics Service", "vendor": "Gallagher", "versions": [{"lessThanOrEqual": "1.3.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A reliance on untrusted inputs in a security decision could be exploited by a </span><span style=\"background-color: rgb(255, 255, 255);\">privileged</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. <br><br>This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).</span>\n\n<p></p>"}], "value": "\nA reliance on untrusted inputs in a security decision could be exploited by a privileged\u00a0user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. \n\nThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-807", "description": "CWE-807: Reliance on Untrusted Inputs in a Security Decision", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher", "dateUpdated": "2023-12-18T22:01:03.342Z"}, "references": [{"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:20.883Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-26T20:59:49.981191Z", "id": "CVE-2023-46686", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-01T15:59:10.520Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:20.883Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-46686", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-26T20:59:49.981191Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-30T18:51:04.140Z"}}], "cna": {"source": {"discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Gallagher", "product": "Command Centre Diagnostics Service", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.3.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nA reliance on untrusted inputs in a security decision could be exploited by a privileged\u00a0user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. \n\nThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">A reliance on untrusted inputs in a security decision could be exploited by a </span><span style=\"background-color: rgb(255, 255, 255);\">privileged</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. <br><br>This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).</span>\n\n<p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-807", "description": "CWE-807: Reliance on Untrusted Inputs in a Security Decision"}]}], "providerMetadata": {"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher", "dateUpdated": "2023-12-18T22:01:03.342Z"}}}, "cveMetadata": {"cveId": "CVE-2023-46686", "state": "PUBLISHED", "dateUpdated": "2024-10-01T15:59:10.520Z", "dateReserved": "2023-11-01T22:24:52.286Z", "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "datePublished": "2023-12-18T22:01:03.342Z", "assignerShortName": "Gallagher"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "516A63FB-0145-4EAE-BAF5-2724C1F9F24D", "versionEndExcluding": "9.00.1507", "versionStartIncluding": "9.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:9.00.1507:-:*:*:*:*:*:*", "matchCriteriaId": "7B79DE16-27CB-4D2D-AEDC-3CA2D4ACC5C8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nA reliance on untrusted inputs in a security decision could be exploited by a privileged\u00a0user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. \n\nThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\n\n\n\n"}, {"lang": "es", "value": "Un usuario privilegiado podr\u00eda aprovechar la dependencia de entradas sin confianza en una decisi\u00f3n de seguridad para configurar el Gallagher Command Centre Diagnostics Service para utilizar protocolos de comunicaci\u00f3n menos seguros. Este problema afecta: Gallagher Diagnostics Service anterior a v1.3.0 (distribuido en 9.00.1507(MR1))."}], "id": "CVE-2023-46686", "lastModified": "2024-11-21T08:29:04.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "disclosures@gallagher.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-18T22:15:08.967", "references": [{"source": "disclosures@gallagher.com", "tags": ["Vendor Advisory"], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686"}], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-807"}], "source": "disclosures@gallagher.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}