CVE-2021-23205: 
Gallagher Command Centre vulnerability analysis and mitigation

A vulnerability identified as CVE-2021-23205 was discovered in Gallagher Command Centre Server, involving improper encoding or escaping that allows Command Centre Operators to modify controller configurations and other hardware items beyond their assigned privileges. The vulnerability affects multiple versions of Gallagher Command Centre: 8.40 versions prior to 8.40.1888 (MR3), 8.30 versions prior to 8.30.1359 (MR3), 8.20 versions prior to 8.20.1259 (MR5), and version 8.10 and prior versions (Gallagher Advisory).

The vulnerability is classified as CWE-116 (Improper Encoding or Escaping of Output). It received a CVSS v3.1 Base Score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H, indicating network accessibility, low attack complexity, and requiring low privileges. The CVSS v2.0 Base Score is 8.5 (HIGH) with the vector (AV:N/AC:L/Au:S/C:N/I:C/A:C) (NVD).

The vulnerability allows unauthorized modification of controller configurations and hardware items, potentially compromising the security infrastructure's integrity and availability. The high CVSS scores indicate significant potential impact on system integrity and availability, though confidentiality is not directly affected (NVD).

Gallagher has released maintenance updates to address this vulnerability. The fixed versions are: v8.40.1888(MR3), v8.30.1359(MR3), and v8.20.1259(MR5). These maintenance upgrades require the Command Centre server to be upgraded. No alternative mitigations were provided (Gallagher Advisory).