Incomplete Comparison with Missing Factors

CVE-2021-23146

High

7.1/10

Summary

An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: LOW

CWE-1023 - Incomplete Comparison with Missing Factors

The software performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.

References

Advisory Timeline

Published Nov 18, 2021

Incomplete Comparison with Missing Factors

CVE-2021-23146

Summary

CWE-1023 - Incomplete Comparison with Missing Factors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS