cbcvebase.
CVE-2023-23576
published 2023-12-18

CVE-2023-23576: Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network…

Priority: P4 18, medium 4.3 (CVSS 3.1)
Vector: AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.28% (19.8th percentile)
Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gallagher | command_centre | <= 8.50 | |
| gallagher | command_centre | >= 8.60 < 8.60.2550 | 8.60.2550 |
| gallagher | command_centre | >= 8.70 < 8.70.2375 | 8.70.2375 |
| gallagher | command_centre | >= 8.80 < 8.80.1369 | 8.80.1369 |
| gallagher | command_centre | >= 8.90 < 8.90.1620 | 8.90.1620 |
| gallagher | command_centre_server | <= 8.50 | |
| gallagher | command_centre_server | >= 8.60 < 8.60.2550 (MR7) | 8.60.2550 (MR7) |
| gallagher | command_centre_server | >= 8.70 < 8.70.2375 (MR5) | 8.70.2375 (MR5) |
| gallagher | command_centre_server | >= 8.80 < 8.80.1369 (MR3) | 8.80.1369 (MR3) |
| gallagher | command_centre_server | >= 8.90 < 8.90.1620 (MR2) | 8.90.1620 (MR2) |