CVE-2023-23576 (GCVE-0-2023-23576)
Vulnerability from cvelistv5
Published
2023-12-18 21:59
Modified
2024-08-02 10:35
Severity ?
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CWE
  • CWE-696 - Incorrect Behavior Order
Summary
Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.
References
Impacted products
Vendor Product Version
Gallagher Command Centre Server Version: 0   <
Version: 8.90   < 8.90.1620 (MR2)
Version: 8.80   < 8.80.1369 (MR3)
Version: 8.70   < 8.70.2375 (MR5)
Version: 8.60   < 8.60.2550 (MR7)
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:35:33.566Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Command Centre Server",
          "vendor": "Gallagher",
          "versions": [
            {
              "lessThanOrEqual": "8.50",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.90.1620 (MR2)",
              "status": "affected",
              "version": "8.90",
              "versionType": "custom"
            },
            {
              "lessThan": "8.80.1369 (MR3)",
              "status": "affected",
              "version": "8.80",
              "versionType": "custom"
            },
            {
              "lessThan": "8.70.2375 (MR5)",
              "status": "affected",
              "version": "8.70",
              "versionType": "custom"
            },
            {
              "lessThan": "8.60.2550 (MR7)",
              "status": "affected",
              "version": "8.60",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. \n\nThis issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-696",
              "description": "CWE-696: Incorrect Behavior Order",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-18T21:59:38.164Z",
        "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
        "shortName": "Gallagher"
      },
      "references": [
        {
          "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
    "assignerShortName": "Gallagher",
    "cveId": "CVE-2023-23576",
    "datePublished": "2023-12-18T21:59:38.164Z",
    "dateReserved": "2023-02-03T20:38:05.225Z",
    "dateUpdated": "2024-08-02T10:35:33.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-23576\",\"sourceIdentifier\":\"disclosures@gallagher.com\",\"published\":\"2023-12-18T22:15:08.210\",\"lastModified\":\"2024-11-21T07:46:27.683\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. \\n\\nThis issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.\\n\\n\"},{\"lang\":\"es\",\"value\":\"El orden de comportamiento incorrecto en Command Center Server podr\u00eda permitir que los usuarios privilegiados obtengan acceso f\u00edsico al sitio durante m\u00e1s tiempo del previsto despu\u00e9s de una interrupci\u00f3n de la red cuando se utilizan competencias en la decisi\u00f3n de acceso. Este problema afecta a: Gallagher Command Center: 8.90 anterior a vEL8.90.1620 (MR2), 8.80 anterior a vEL8.80.1369 (MR3), 8.70 anterior a vEL8.70.2375 (MR5), 8.60 anterior a vEL8.60.2550 (MR7), todas las versiones de 8.50 y anteriores.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"disclosures@gallagher.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.7,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.7,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"disclosures@gallagher.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-696\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.50\",\"matchCriteriaId\":\"23C4F969-A44F-40D6-A92B-56A2653A0786\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.60\",\"versionEndExcluding\":\"8.60.2550\",\"matchCriteriaId\":\"54586395-20DD-4AB8-8C2A-26870B1522A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.70\",\"versionEndExcluding\":\"8.70.2375\",\"matchCriteriaId\":\"1E787E1B-4152-4F45-8E6E-1761938E48A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.80\",\"versionEndExcluding\":\"8.80.1369\",\"matchCriteriaId\":\"6091751E-0326-445F-ABFF-09BE6D3543BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.90\",\"versionEndExcluding\":\"8.90.1620\",\"matchCriteriaId\":\"1B0605C7-4DC1-4F63-9987-D3320AC4D6A5\"}]}]}],\"references\":[{\"url\":\"https://security.gallagher.com/Security-Advisories/CVE-2023-23576\",\"source\":\"disclosures@gallagher.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gallagher.com/Security-Advisories/CVE-2023-23576\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.