Reliance on Untrusted Inputs in a Security Decision
CVE-2023-46686
Summary
A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- HIGH
- LOW
- NONE
CWE-807 - Reliance on Untrusted Inputs in a Security Decision
The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
References
Advisory Timeline
- Published
