History: Sep 15, 2020 - 2:15 p.m.

CVE-2020-16096

2020-09-15 14:15:13
CWE-285
web.nvd.nist.gov
Tags: gallagher command centre, cve-2020-16096, data security, access control, credential exfiltration, vulnerability

CVSS2: 4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3: 9.9 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 7.4 High
Confidence: High

EPSS: 0.001 Low
Percentile: 28.6%

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components.

Affected configurations

NVD
Node
gallagher command_centre, Range: 7.80 to 7.80.960
OR
gallagher command_centre, Range: 7.90 to 7.90.991
OR
gallagher command_centre, Range: 8.00 to 8.00.1161
OR
gallagher command_centre, Range: 8.10 to 8.10.1134
OR
gallagher command_centre, Match: 7.80.960 -
OR
gallagher command_centre, Match: 7.90.991 -
OR
gallagher command_centre, Match: 8.00.1161 -
OR
gallagher command_centre, Match: 8.10.1134 -

CNA Affected

[
  {
    "product": "Command Centre",
    "vendor": "Gallagher",
    "versions": [
      {
        "lessThanOrEqual": "7.70",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "8.10.1134(MR4)",
        "status": "affected",
        "version": "8.10",
        "versionType": "custom"
      },
      {
        "lessThan": "8.00.1161(MR5)",
        "status": "affected",
        "version": "8.00",
        "versionType": "custom"
      },
      {
        "lessThan": "7.90.991(MR5)",
        "status": "affected",
        "version": "7.90",
        "versionType": "custom"
      },
      {
        "lessThan": "7.80.960(MR2)",
        "status": "affected",
        "version": "7.80",
        "versionType": "custom"
      }
    ]
  }
]
