CVE Vulnerabilities

CVE-2021-23146

Incorrect Comparison

Published: Nov 18, 2021 | Modified: Oct 07, 2022
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.

Weakness

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

Affected Software

Name Vendor Start Version End Version
Command_centre Gallagher * 8.00
Command_centre Gallagher 8.10 *
Command_centre Gallagher 8.20 *
Command_centre Gallagher 8.30 *
Command_centre Gallagher 8.40 *

Extended Description

This Pillar covers several possibilities:

References