CVE-2024-41724
Severity: High CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N\
Components affected: Command Centre Server
Version of Command Centre affected: This issue affects all versions of Gallagher Command Centre prior to 9.20.1043
Reported by: Gallagher Internal
Active exploitation of vulnerability*: No
Description of vulnerability:
Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allows an attacker to spoof the SALTO server.
Mitigating factor: Impact of this vulnerability is limited to sites making use of the Gallagher Command Centre SALTO integration prior to 9.20.1043.
*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.
Stay up to date with Gallagher
Get the latest Gallagher news, updates, and event information delivered straight to your inbox.