CVE-2021-23211

Severity: Medium (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
Components affected: Command Centre Server
Version of Command Centre affected: 8.40 prior to 8.40.1888 (MR3)
Reported by: Gallagher
Active exploitation of vulnerability*: No
Description of vulnerability: A Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows the Cloud end-to-end encryption key to be discovered in server memory dumps. This issue affects Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3).
Mitigation: Sites not using the Command Centre Cloud are not impacted. Command Centre versions prior to 8.40 are not impacted. When transporting memory dumps, ensure this is done via a secure medium.

Maintenance releases are now available for:

  • v8.40 - v8.40.1888 (MR3)

Important notes:

  • These maintenance upgrades require the Command Centre server to be upgraded.

 

*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.
