Vulnerabilities > CVE-2020-16096 - Unspecified vulnerability in Gallagher Command Centre

CVSS 7.7 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

gallagher

NVD

Published: 2020-09-15

Updated: 2020-09-24

Summary

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components.

Vulnerable Configurations

Part	Description	Count
Application	Gallagher Gallagher Command Centre 7.80 Gallagher Command Centre 7.80.939 Gallagher Command Centre 7.90 Gallagher Command Centre 7.90.0 Gallagher Command Centre 7.90.961 Gallagher Command Centre 8.10 Gallagher Command Centre 8.10.1092 Gallagher Command Centre 8.0 Gallagher Command Centre 8.00 Gallagher Command Centre 8.00.1128 Gallagher Command Centre 8.10.1134 Gallagher Command Centre 8.00.1161 Gallagher Command Centre 7.90.991 Gallagher Command Centre 7.80.960	14

References

https://security.gallagher.com/Security-Advisories/CVE-2020-16096