Vulnerabilities > Gallagher > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-23570 | Unspecified vulnerability in Gallagher Command Centre Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. | 8.1 |
| 2023-12-18 | CVE-2023-24590 | Use of Externally-Controlled Format String vulnerability in Gallagher Controller 6000 Firmware A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. | 8.8 |
| 2023-12-18 | CVE-2023-46686 | Unspecified vulnerability in Gallagher Command Centre 9.00/9.00.1507 A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. | 7.1 |
| 2023-07-25 | CVE-2023-22363 | Out-of-bounds Write vulnerability in Gallagher Command Centre A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2) | 7.5 |
| 2022-07-06 | CVE-2022-26078 | Unspecified vulnerability in Gallagher Controller 6000 Firmware Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. | 7.8 |
| 2021-11-18 | CVE-2021-23146 | Incorrect Comparison vulnerability in Gallagher Command Centre An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. | 7.5 |
| 2021-06-11 | CVE-2021-23205 | Improper Encoding or Escaping of Output vulnerability in Gallagher Command Centre Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. | 8.5 |
| 2020-09-15 | CVE-2020-16098 | Missing Authentication for Critical Function vulnerability in Gallagher Command Centre It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. | 7.5 |