CVE-2023-22428
📋 TL;DR
This vulnerability allows authenticated operators in Gallagher Command Centre Server to improperly modify Division lineage due to insufficient privilege validation. It affects all Command Centre versions vEL8.40 through vEL8.80 prior to specific maintenance releases. This could enable unauthorized changes to organizational structures and access controls.
💻 Affected Systems
- Gallagher Command Centre Server
📦 What is this software?
Command Centre by Gallagher
⚠️ Risk & Real-World Impact
Worst Case
An authenticated malicious operator could reconfigure Division hierarchies to bypass security controls, escalate privileges, or disrupt security operations across the entire system.
Likely Case
Authorized users with limited privileges could make unauthorized modifications to Division structures, potentially affecting access controls and audit trails.
If Mitigated
With proper access controls and monitoring, impact would be limited to minor configuration changes that can be detected and rolled back.
🎯 Exploit Status
Exploitation requires authenticated operator access. The vulnerability is in privilege validation logic, making exploitation straightforward for authenticated users.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: vEL8.80.1192 (MR2), vEL8.70.2185 (MR4), vEL8.60.2347 (MR6), vEL8.50.2831 (MR8)
Vendor Advisory: https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428
Restart Required: Yes
Instructions:
1. Download the appropriate maintenance release from the Gallagher support portal.
2. Back up the current configuration.
3. Apply the patch following Gallagher upgrade procedures.
4. Restart Command Centre services.
5. Verify patch installation and functionality.
🔧 Temporary Workarounds
Restrict Operator Privileges
Temporarily reduce Division modification privileges for operators to only essential personnel.
Enhanced Monitoring
Implement additional logging and alerting for Division lineage changes.
🧯 If You Can't Patch
- Implement strict least-privilege access controls for Division management functions
- Enable comprehensive audit logging for all Division configuration changes and review logs regularly
🔍 How to Verify
Check if Vulnerable:
Check Command Centre version against affected ranges: vEL8.40-vEL8.80 prior to specified maintenance releases.
Check Version:
Check Command Centre administration interface or consult Gallagher documentation for version verification command.
Verify Fix Applied:
Verify version is at or above: vEL8.80.1192, vEL8.70.2185, vEL8.60.2347, or vEL8.50.2831 depending on base version.
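The version comparison described above can be scripted for an inventory of servers. This is an added example, not Gallagher tooling: it assumes version strings have the three-part form shown on this page (`vEL8.80.1192`) and that build numbers increase within a branch; the host names and sample inventory are constructed.

```python
import re

# Fixed builds per branch, copied from the "Patch Version" line of this page.
FIXED_BUILDS = {
    (8, 80): 1192,  # MR2
    (8, 70): 2185,  # MR4
    (8, 60): 2347,  # MR6
    (8, 50): 2831,  # MR8
}
# Affected range stated on the page: vEL8.40 through vEL8.80.
AFFECTED_MIN, AFFECTED_MAX = (8, 40), (8, 80)

# Assumed format: optional "vEL" prefix, then major.minor.build.
_VERSION_RE = re.compile(r"^(?:vEL)?(\d+)\.(\d+)\.(\d+)$", re.IGNORECASE)


def triage(version: str) -> str:
    """Classify a Command Centre version string such as 'vEL8.70.2100'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, build = (int(g) for g in m.groups())
    branch = (major, minor)
    if branch < AFFECTED_MIN or branch > AFFECTED_MAX:
        return "outside-affected-range"
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        # In the affected range (e.g. vEL8.40) but no fixed build is listed on this page.
        return "affected-no-listed-fix"
    return "patched" if build >= fixed else "vulnerable"


def needs_action(inventory: dict) -> list:
    """Hosts that are vulnerable, have no listed fix, or need manual review."""
    ok = ("patched", "outside-affected-range")
    return sorted(h for h, v in inventory.items() if triage(v) not in ok)


# Constructed sample inventory (host names and builds are illustrative only).
SAMPLE_INVENTORY = {
    "cc-srv-01": "vEL8.80.1192",
    "cc-srv-02": "vEL8.70.2100",
    "cc-srv-03": "vEL8.40.1500",
    "cc-srv-04": "8.90.1000",
    "cc-srv-05": "unknown",
}

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(f"{host}\t{ver}\t{triage(ver)}")
```

Hosts reported as `affected-no-listed-fix` or `unparseable` need a manual check against the vendor advisory, since this page lists no fixed build for them.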
📡 Detection & Monitoring
Log Indicators:
- Unauthorized Division lineage modification attempts
- Unexpected Division configuration changes
- Privilege escalation attempts through Division management
Network Indicators:
- Unusual Division management API calls from non-admin accounts
SIEM Query:
source="command_centre" AND (event_type="division_modify" OR event_type="privilege_change") AND user_privilege!="admin"