Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-47147 is a vulnerability in the Command Centre Mobile Client for Android and iOS versions prior to 9.40.123. It involves the cleartext storage of sensitive information, specifically session tokens, on the mobile device. This means that an attacker who has physical or logical access to a logged-in Operator's mobile device could extract these session tokens."}, {'type': 'paragraph', 'content': 'Because the session tokens are stored without encryption, the attacker could use them to gain unauthorized access to the system for a limited duration.'}] [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing an attacker with local access and high privileges on your mobile device to extract session tokens stored in cleartext. Using these tokens, the attacker could impersonate the logged-in Operator and gain unauthorized access to the Command Centre system for a limited time.

The impact affects the confidentiality and integrity of your data and sessions, but it does not affect system availability.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves the cleartext storage of session tokens on the Command Centre Mobile Client on Android and iOS devices. Detection requires access to the mobile device to inspect stored data for session tokens saved in cleartext.'}, {'type': 'paragraph', 'content': "Since exploitation requires local access with high privileges, network detection is unlikely. Instead, manual inspection on the device or forensic analysis of the app's storage areas is needed."}, {'type': 'paragraph', 'content': "Suggested commands or steps include accessing the mobile device's file system (e.g., using Android Debug Bridge (adb) for Android devices) to search for session token files or data stored in cleartext within the app's storage directories."}, {'type': 'list_item', 'content': 'For Android devices, use: adb shell to access the device shell.'}, {'type': 'list_item', 'content': "Navigate to the app's data directory, typically under /data/data/com.gallagher.commandcentre/ or similar."}, {'type': 'list_item', 'content': 'Use commands like grep or cat to search for session tokens or sensitive strings in files.'}, {'type': 'paragraph', 'content': 'For iOS devices, similar inspection requires jailbroken devices and use of tools like ssh or file system explorers to locate and examine stored session tokens.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, immediately upgrade the Command Centre Mobile Client on all Android and iOS devices to version 9.40.123 or later, where the issue is resolved.

Restrict physical and logical access to mobile devices used by Operators to prevent unauthorized extraction of session tokens.

Enforce strong device security policies such as screen locks, encryption, and limited user privileges to reduce the risk of token extraction.

Consider invalidating existing session tokens and requiring re-authentication after the update to prevent misuse of any previously exposed tokens.

Useful 0 Not Useful 0