Vulnerabilities > Gallagher
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-14 | CVE-2020-16102 | Missing Authentication for Critical Function vulnerability in Gallagher Command Centre Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. | 6.4 |
| 2020-09-15 | CVE-2020-16101 | Out-of-bounds Read vulnerability in Gallagher Command Centre It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. | 5.0 |
| 2020-09-15 | CVE-2020-16100 | Improper Resource Shutdown or Release vulnerability in Gallagher Command Centre It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. | 5.0 |
| 2020-09-15 | CVE-2020-16099 | Unspecified vulnerability in Gallagher Command Centre 8.20/8.20.1093 In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect. network gallagher | 3.5 |
| 2020-09-15 | CVE-2020-16098 | Missing Authentication for Critical Function vulnerability in Gallagher Command Centre It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. | 7.5 |
| 2020-09-15 | CVE-2020-16097 | Unspecified vulnerability in Gallagher Command Centre On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers. | 2.1 |
| 2020-09-15 | CVE-2020-16096 | Unspecified vulnerability in Gallagher Command Centre In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. | 4.0 |
| 2020-01-20 | CVE-2020-7215 | Information Exposure vulnerability in Gallagher Command Centre An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). | 2.1 |
| 2020-01-17 | CVE-2019-19802 | Information Exposure vulnerability in Gallagher Command Centre In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied. | 4.0 |
| 2020-01-17 | CVE-2019-19801 | Unspecified vulnerability in Gallagher Command Centre In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases. | 2.1 |