CVE-2024-41724 HIGH

CVE-2024-41724

Vendor Gallagher
Product Command Centre Server
Weakness CWE-295
Published March 10, 2025
Last update March 10, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of Gallagher Command Centre prior to 9.20.1043.

Key dates

02Disclosure timeline

March 10, 2025 CVE published
March 10, 2025 Record updated