CVE-2023-46686: 
Gallagher Command Centre vulnerability analysis and mitigation

A vulnerability identified as CVE-2023-46686 was discovered in the Gallagher Command Centre Diagnostics Service. The vulnerability affects versions prior to v1.3.0 (distributed in 9.00.1507(MR1)). This security issue was disclosed and documented by Gallagher Internal (Gallagher Advisory).

The vulnerability is classified as a reliance on untrusted inputs in a security decision (CWE-807). It has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N. This indicates that the vulnerability is network-accessible, requires high privileges, needs no user interaction, and can result in low confidentiality impact and high integrity impact, with no availability impact (NVD).

If exploited, this vulnerability could allow a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols, potentially compromising the security of the system (Gallagher Advisory).

The vulnerability has been patched in version v1.3.0 of the Gallagher Diagnostics Service, which is distributed in Command Centre version 9.00.1507 (MR1). Users are advised to upgrade to this version or later to address the security issue (Gallagher Advisory).