CVE-2024-43107: Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events)...

7.2 CVSS

Description

Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.
This issue affects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior.

Classification

CVE ID: CVE-2024-43107

CVSS Base Severity: HIGH

CVSS Base Score: 7.2

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Problem Types

CWE-295 Improper Certificate Validation

Affected Products

Vendor: Gallagher

Product: Milestone Integration Plugin

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 4.85% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-08 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-43107
https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-43107

Timeline