CVE-2021-23197
Severity: Medium CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Components affected: Controller Service
Version of Command Centre affected: 8.50 prior to 8.50.2048 (MR3)
Reported by: Gallagher
Active exploitation of vulnerability*: No
Description of vulnerability: Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to vEL8.50.2048 (MR3)
Mitigation: Remove write access for any untrusted user along the file path that stores the Controller Service executable.
Maintenance releases are now available for:
- v8.50 - v8.50.2048 (MR3)
*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.
Stay up to date with Gallagher
Get the latest Gallagher news, updates, and event information delivered straight to your inbox.