CVE-2024-43690: 
Gallagher Command Centre vulnerability analysis and mitigation

A high-severity vulnerability (CVE-2024-43690) was identified in the Command Centre Server and Workstations software. The vulnerability involves the Inclusion of Functionality from Untrusted Control Sphere (CWE-829) that could potentially allow Remote Code Execution (RCE). The affected versions include Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 (MR2), 9.00 prior to vEL9.00.2168 (MR4), 8.90 prior to vEL8.90.2155 (MR5), 8.80 prior to vEL8.80.1938 (MR6), and all versions of 8.70 and prior (Gallagher Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 8.0 (High) with the following vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H. This scoring indicates that the vulnerability is network-accessible (AV:N), requires high attack complexity (AC:H), high privileges (PR:H), no user interaction (UI:N), has changed scope (S:C), and can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD Database).

If successfully exploited, this vulnerability could allow an attacker to perform Remote Code Execution (RCE) on affected systems, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability of the affected systems (Gallagher Advisory).

Gallagher has released maintenance releases to address this vulnerability: v9.10.1530(MR2) for v9.10 systems, v9.00.2168(MR4) for v9.00 systems, v8.90.2155(MR5) for v8.90 systems, and v8.80.1938(MR6) for v8.80 systems. Users are advised to upgrade to these patched versions (Gallagher Advisory).