CVE-2022-26348

Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.

CVSS v3 8.2 HIGH
CVSS v2.0 2.1 LOW

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://security.gallagher.com/Security-Advisories/CVE-2022-26348	Vendor Advisory
https://security.gallagher.com/Security-Advisories/CVE-2022-26348	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::

History

21 Nov 2024, 06:53

Type	Values Removed	Values Added
CVSS	v2 : ~~2.1~~ v3 : ~~5.5~~	v2 : 2.1 v3 : 8.2
References	~~() https://security.gallagher.com/Security-Advisories/CVE-2022-26348 - Vendor Advisory~~	() https://security.gallagher.com/Security-Advisories/CVE-2022-26348 - Vendor Advisory

Information

Published : 2022-07-06 17:15

Updated : 2024-11-21 06:53

NVD link : CVE-2022-26348

Mitre link : CVE-2022-26348

CVE.ORG link : CVE-2022-26348

JSON object : View

Products Affected

gallagher

command_centre

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2022-26348", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "disclosures@gallagher.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-07-06T17:15:07.937", "references": [{"url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348", "tags": ["Vendor Advisory"], "source": "disclosures@gallagher.com"}, {"url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "disclosures@gallagher.com", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions."}, {"lang": "es", "value": "Command Centre Server es vulnerable a una inyecci\u00f3n SQL por medio de la configuraci\u00f3n del Registro de Windows para los campos de fecha en el servidor. La configuraci\u00f3n del Registro de Windows permite a un atacante usando el Kiosco de Administraci\u00f3n de Visitantes, una aplicaci\u00f3n dise\u00f1ada para uso p\u00fablico, invocar una consulta SQL arbitraria que ha sido precargada en el registro del Servidor de Windows para obtener informaci\u00f3n confidencial. Este problema afecta a: Gallagher Command Centre versiones 8.60 anteriores a 8.60.1652; versiones 8.50 anteriores a 8.50.2245; versiones 8.40 anteriores a 8.40.2216; versiones 8.30 anteriores a 8.30.1470; versiones 8.20 y anteriores"}], "lastModified": "2024-11-21T06:53:48.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08FDEAA9-8012-4149-9D76-77E41CB4DD10", "versionEndIncluding": "8.20"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B661AF12-667B-4470-984E-AC109FE1B4A2", "versionEndExcluding": "8.30.1470", "versionStartIncluding": "8.30"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D083D37-176B-4A15-83D9-0486A2355D83", "versionEndExcluding": "8.40.2216", "versionStartIncluding": "8.40"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F3A5031-A6FF-4A4F-8B2F-14389BA76F0E", "versionEndExcluding": "8.50.2245", "versionStartIncluding": "8.50"}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58EF5C9C-9377-44A2-9EA8-664650955786", "versionEndExcluding": "8.60.1652", "versionStartIncluding": "8.60"}], "operator": "OR"}]}], "sourceIdentifier": "disclosures@gallagher.com"}