CVE-2024-43690

Severity: High CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Components affected: Command Centre Server, Command Centre Workstation

Version of Command Centre affected:

9.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), all versions of 8.70 and prior.

Reported by: External

Active exploitation of vulnerability*: No

Description of vulnerability: Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). 

Maintenance releases are now available for:

• v9.10 - v9.10.1530(MR2)
• v9.00 - v9.00.2168(MR4)
• v8.90 - v8.90.2155(MR5)
• v8.80 - v8.80.1938(MR6)

Important notes:

*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.