CVE-2024-43690
published 2024-09-11

Priority: P3 (47)
CVSS 3.1: 8 (high)
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.60% (44.3th percentile)

Inclusion of Functionality from Untrusted Control Sphere (CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), all versions of 8.70 and prior.

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gallagher | command_centre_server | <= 8.70 | |
| gallagher | command_centre_server | >= 8.80 < vEL8.80.1938 (MR6) | vEL8.80.1938 (MR6) |
| gallagher | command_centre_server | >= 8.90 < vEL8.90.2155 (MR5) | vEL8.90.2155 (MR5) |
| gallagher | command_centre_server | >= 9.00 < vEL9.00.2168 (MR4) | vEL9.00.2168 (MR4) |
| gallagher | command_centre_server | >= 9.10 < vEL9.10.1530(MR2) | vEL9.10.1530(MR2) |