Vulnerabilities > CVE-2020-16096 - Unspecified vulnerability in Gallagher Command Centre

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

gallagher

NVD

Published: 2020-09-15

Updated: 2020-09-24

Summary

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components.

Vulnerable Configurations

Part	Description	Count
Application	Gallagher Gallagher Command Centre 7.80 Gallagher Command Centre 7.80.960 Gallagher Command Centre 7.90 Gallagher Command Centre 7.90.991 Gallagher Command Centre 8.00 Gallagher Command Centre 8.00.1161 Gallagher Command Centre 8.10 Gallagher Command Centre 8.10.1092 Gallagher Command Centre 8.10.1134	9

References

https://security.gallagher.com/Security-Advisories/CVE-2020-16096