CVE-2025-46406

{"id": "CVE-2025-46406", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.3}]}, "published": "2025-07-10T03:15:29.017", "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-46406", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-270"}]}], "descriptions": [{"lang": "en", "value": "A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the Division boundary.\n\nThis issue affects Command Centre Server: \n\n9.30 prior to 9.30.1874\u00a0(MR1), 9.20 prior to 9.20.2337\u00a0(MR3), 9.10 prior to 9.10.3194\u00a0(MR6), 9.00 prior to 9.00.3371\u00a0(MR7), all versions of 8.90 and prior."}, {"lang": "es", "value": "Un error de cambio de contexto de privilegios (CWE-270) en Command Center Server podr\u00eda permitir que un operador con privilegios de alto nivel en una divisi\u00f3n realice actividades con privilegios limitados fuera de los l\u00edmites de la divisi\u00f3n. Este problema afecta a las siguientes versiones del servidor del Centro de Comando: 9.30 y anteriores a 9.30.1874 (MR1), 9.20 y anteriores a 9.20.2337 (MR3), 9.10 y anteriores a 9.10.3194 (MR6), 9.00 y anteriores a 9.00.3371 (MR7), y todas las versiones de 8.90 y anteriores."}], "lastModified": "2025-07-10T13:17:30.017", "sourceIdentifier": "[email protected]"}