CVE-2024-43107 HIGH

CVE-2024-43107

Vendor Gallagher
Product Milestone Integration Plugin
Weakness CWE-295
Published March 10, 2025
Last update March 10, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

What the vulnerability does

01Description

Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior.

Key dates

02Disclosure timeline

March 10, 2025 CVE published
March 10, 2025 Record updated