CVE-2021-23155

Medium

Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command…

Gallagher·CWE-296·Published 2021-11-18

CVSS

6.8

EPSS

0.00

KEV

Exploits

cve.orgen

289 chars

Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065; version 8.50 and prior versions.

NVDen

289 chars

NVDes

339 chars

Una comprobación inapropiada de la cadena de certificados de la nube en el Cliente móvil permite que un ataque de tipo man-in-the-middle se haga pasar por el Servidor del Centro de Comando legítimo. Este problema afecta a: Gallagher Command Centre Mobile Client para Android versiones 8.60 anteriores a 8.60.065; versión 8.50 y anteriores.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
3.1	Primary	cve.org	9.0	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H