CVE-2023-25074

HIGH

Gallagher Command Centre < 8.40.2216 - Authenticated Privilege Escalation via Competency Modification

Description

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.

Scores

CVSS v3: 7.1
EPSS: 0.0026
EPSS Percentile: 17.5%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-285
Status: published
Products (1): gallagher/command_centre < 8.40.2216
Published: Jul 25, 2023
Tracked Since: Feb 18, 2026