CVE-2019-12492 - OpenCVE

Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Gallagher	Command Centre

Configuration 1 [-]

OR	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::

References

Link	Resource
https://security.gallagher.com/CVE-2019-12492	Mitigation Vendor Advisory
https://security.gallagher.com/security-advisories	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-06T19:29:20

Updated: 2019-06-06T19:29:20

Reserved: 2019-05-30T00:00:00

Link: CVE-2019-12492

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-06-06T20:29:02.743

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-12492

JSON object: View

Redhat Information

No data.

CWE

CWE-863

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-06T19:29:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.gallagher.com/CVE-2019-12492"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.gallagher.com/security-advisories"}], "source": {"discovery": "INTERNAL"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12492", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://security.gallagher.com/CVE-2019-12492", "refsource": "CONFIRM", "url": "https://security.gallagher.com/CVE-2019-12492"}, {"name": "https://security.gallagher.com/security-advisories", "refsource": "CONFIRM", "url": "https://security.gallagher.com/security-advisories"}]}, "source": {"discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12492", "datePublished": "2019-06-06T19:29:20", "dateReserved": "2019-05-30T00:00:00", "dateUpdated": "2019-06-06T19:29:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEF7DF9C-7C50-4B6F-9790-603C129A8B65", "versionEndExcluding": "7.80.939", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CE92845-2ABE-4A9F-B66D-638094A4E899", "versionEndExcluding": "7.90.961", "versionStartIncluding": "7.90.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0B6CB8C-D6C8-4C19-83E6-2358FCC081D3", "versionEndExcluding": "8.00.1128", "versionStartIncluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services."}, {"lang": "es", "value": "Gallagher Command Center anterior de 7.80.939, 7.90.x anterior de 7.90.961, y 8.x anterior de las 8.00.1128 permite la creaci\u00f3n de eventos arbitrarios y la revelaci\u00f3n de informaci\u00f3n a trav\u00e9s de los servicios FT Command Center Service y FT Controller Service."}], "id": "CVE-2019-12492", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-06T20:29:02.743", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://security.gallagher.com/CVE-2019-12492"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://security.gallagher.com/security-advisories"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}