CVE-2023-23570: 
Gallagher Command Centre vulnerability analysis and mitigation

Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This vulnerability (CVE-2023-23570) affects Gallagher Command Centre version 8.90 prior to vEL8.90.1620 (MR2) and all versions of 8.80 and prior. The vulnerability was disclosed on December 18, 2023 (Vendor Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. The attack vector is Network-based, requires Low attack complexity, Low privileges, and No user interaction. The scope is Unchanged, with Low impact on both Integrity and Availability, but No impact on Confidentiality (NVD).

The vulnerability could lead to invalid configuration with undefined behavior in the Command Centre server. The CVSS scoring indicates potential Low impacts on both system integrity and availability, while maintaining confidentiality of the system (NVD).

No direct workarounds are available. The vendor has released maintenance release v8.90.1620 (MR2) to address this vulnerability. Users are advised to upgrade to this version (Vendor Advisory).