cvelist/2024/43xxx/CVE-2024-43107.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-43107",
        "ASSIGNER": "disclosures@gallagher.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.\nThis issue effects Gallagher MIPS Plugin\u00a0v4.0 prior to v4.0.32, all versions of v3.0 and prior."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-295 Improper Certificate Validation",
                        "cweId": "CWE-295"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Gallagher",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Milestone Integration Plugin",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "not down converted",
                                            "x_cve_json_5_version_data": {
                                                "versions": [
                                                    {
                                                        "lessThan": "4.0.32",
                                                        "status": "affected",
                                                        "version": "4.0",
                                                        "versionType": "custom"
                                                    },
                                                    {
                                                        "lessThanOrEqual": "3.0",
                                                        "status": "affected",
                                                        "version": "0",
                                                        "versionType": "custom"
                                                    }
                                                ],
                                                "defaultStatus": "affected"
                                            }
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43107",
                "refsource": "MISC",
                "name": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43107"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "discovery": "INTERNAL"
    },
    "configuration": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "<span style=\"background-color: rgb(255, 255, 255);\">Impact of this vulnerability is limited to</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;sites making use of the Gallagher Milestone Integration Plugin prior to v4.0.32.</span>\n\n<br>"
                }
            ],
            "value": "Impact of this vulnerability is limited to\u00a0sites making use of the Gallagher Milestone Integration Plugin prior to v4.0.32."
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2024-08-28 03:00:32 +00:00			`{`
"-Synchronized-Data." 2025-03-10 14:00:34 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2024-08-28 03:00:32 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2024-43107",`
"-Synchronized-Data." 2025-03-10 14:00:34 +00:00			`"ASSIGNER": "disclosures@gallagher.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2024-08-28 03:00:32 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2025-03-10 14:00:34 +00:00			`"value": "Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.\nThis issue effects Gallagher MIPS Plugin\u00a0v4.0 prior to v4.0.32, all versions of v3.0 and prior."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-295 Improper Certificate Validation",`
			`"cweId": "CWE-295"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Gallagher",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Milestone Integration Plugin",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "not down converted",`
			`"x_cve_json_5_version_data": {`
			`"versions": [`
			`{`
			`"lessThan": "4.0.32",`
			`"status": "affected",`
			`"version": "4.0",`
			`"versionType": "custom"`
			`},`
			`{`
			`"lessThanOrEqual": "3.0",`
			`"status": "affected",`
			`"version": "0",`
			`"versionType": "custom"`
			`}`
			`],`
			`"defaultStatus": "affected"`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43107",`
			`"refsource": "MISC",`
			`"name": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43107"`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.2.0"`
			`},`
			`"source": {`
			`"discovery": "INTERNAL"`
			`},`
			`"configuration": [`
			`{`
			`"lang": "en",`
			`"supportingMedia": [`
			`{`
			`"base64": false,`
			`"type": "text/html",`
			`"value": "<span style=\"background-color: rgb(255, 255, 255);\">Impact of this vulnerability is limited to</span><span style=\"background-color: rgb(255, 255, 255);\"> sites making use of the Gallagher Milestone Integration Plugin prior to v4.0.32.</span>\n\n<br>"`
			`}`
			`],`
			`"value": "Impact of this vulnerability is limited to\u00a0sites making use of the Gallagher Milestone Integration Plugin prior to v4.0.32."`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 7.2,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "LOW",`
			`"privilegesRequired": "NONE",`
			`"scope": "CHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",`
			`"version": "3.1"`
"-Synchronized-Data." 2024-08-28 03:00:32 +00:00			`}`
			`]`
			`}`
			`}`