CVE-2024-43107

Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43107

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La validación incorrecta de certificados (CWE-295) en Gallagher Milestone Integration Plugin (MIP) permite que se envíen mensajes no autenticados (por ejemplo, eventos de alarma) al complemento. Este problema afecta al complemento Gallagher MIPS v4.0 anterior a v4.0.32, todas las versiones de v3.0 y anteriores.

10 Mar 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-10 03:15

Updated : 2026-06-17 07:50

NVD link : CVE-2024-43107

Mitre link : CVE-2024-43107

CVE.ORG link : CVE-2024-43107

JSON object : View

Products Affected

No product.

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2024-43107", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-43107", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T17:13:06.673037Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "disclosures@gallagher.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.7, "exploitabilityScore": 3.9}]}, "affected": [{"source": "disclosures@gallagher.com", "affectedData": [{"vendor": "Gallagher", "product": "Milestone Integration Plugin", "versions": [{"status": "affected", "version": "4.0", "lessThan": "4.0.32", "versionType": "custom"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.0"}], "defaultStatus": "affected"}]}], "published": "2025-03-10T03:15:26.750", "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43107", "source": "disclosures@gallagher.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosures@gallagher.com", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.\nThis issue effects Gallagher MIPS Plugin\u00a0v4.0 prior to v4.0.32, all versions of v3.0 and prior."}, {"lang": "es", "value": "La validaci\u00f3n incorrecta de certificados (CWE-295) en Gallagher Milestone Integration Plugin (MIP) permite que se env\u00eden mensajes no autenticados (por ejemplo, eventos de alarma) al complemento. Este problema afecta al complemento Gallagher MIPS v4.0 anterior a v4.0.32, todas las versiones de v3.0 y anteriores."}], "lastModified": "2026-06-17T07:50:26.997", "sourceIdentifier": "disclosures@gallagher.com"}