ID CVE-2020-16096
Summary In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components.
References
Vulnerable Configurations
  • cpe:2.3:a:gallagher:command_centre:7.80:*:*:*:*:*:*:*
    cpe:2.3:a:gallagher:command_centre:7.80:*:*:*:*:*:*:*
  • cpe:2.3:a:gallagher:command_centre:7.80.960:-:*:*:*:*:*:*
    cpe:2.3:a:gallagher:command_centre:7.80.960:-:*:*:*:*:*:*
  • cpe:2.3:a:gallagher:command_centre:7.90:*:*:*:*:*:*:*
    cpe:2.3:a:gallagher:command_centre:7.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gallagher:command_centre:7.90.991:-:*:*:*:*:*:*
    cpe:2.3:a:gallagher:command_centre:7.90.991:-:*:*:*:*:*:*
  • cpe:2.3:a:gallagher:command_centre:8.00:*:*:*:*:*:*:*
    cpe:2.3:a:gallagher:command_centre:8.00:*:*:*:*:*:*:*
  • cpe:2.3:a:gallagher:command_centre:8.00.1161:-:*:*:*:*:*:*
    cpe:2.3:a:gallagher:command_centre:8.00.1161:-:*:*:*:*:*:*
  • cpe:2.3:a:gallagher:command_centre:8.10:*:*:*:*:*:*:*
    cpe:2.3:a:gallagher:command_centre:8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gallagher:command_centre:8.10.1092:*:*:*:*:*:*:*
    cpe:2.3:a:gallagher:command_centre:8.10.1092:*:*:*:*:*:*:*
  • cpe:2.3:a:gallagher:command_centre:8.10.1134:-:*:*:*:*:*:*
    cpe:2.3:a:gallagher:command_centre:8.10.1134:-:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 24-09-2020 - 14:22)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
misc https://security.gallagher.com/Security-Advisories/CVE-2020-16096
Last major update 24-09-2020 - 14:22
Published 15-09-2020 - 14:15
Last modified 24-09-2020 - 14:22
Back to Top