CVE-2022-26348

CVSS 8.2 HIGHEPSS 0.3%CWE-89

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.2EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

06 Jul 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

Gallagher · Command Centre

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.gallagher.com/Security-Advisories/CVE-2022-26348