Lucene search

[email protected]CVE-2020-16097

HistorySep 15, 2020 - 2:15 p.m.

CVE-2020-16097

2020-09-1514:15:13

CWE-522

[email protected]

web.nvd.nist.gov

cve-2020-16097

information disclosure

debug ports

t series readers

security vulnerability

mifare plus

desfire

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

7.3 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers.

Affected configurations

NVD

Node

gallaghercommand_centreRange7.90–7.90.1038

gallaghercommand_centreRange8.00–8.00.1228

gallaghercommand_centreRange8.10–8.10.1211

gallaghercommand_centreRange8.20–8.20.1093

gallaghercommand_centreMatch7.90.1038-

gallaghercommand_centreMatch8.00.1228-

gallaghercommand_centreMatch8.10.1211-

gallaghercommand_centreMatch8.20.1093-

CPENameOperatorVersion
gallagher:command_centregallagher command centrelt7.90.1038
gallagher:command_centregallagher command centrelt8.00.1228
gallagher:command_centregallagher command centrelt8.10.1211
gallagher:command_centregallagher command centrelt8.20.1093

CPE	Name	Operator	Version
gallagher:command_centre	gallagher command centre	lt	7.90.1038
gallagher:command_centre	gallagher command centre	lt	8.00.1228
gallagher:command_centre	gallagher command centre	lt	8.10.1211
gallagher:command_centre	gallagher command centre	lt	8.20.1093

CNA Affected

[
  {
    "product": "Command Centre",
    "vendor": "Gallagher",
    "versions": [
      {
        "lessThanOrEqual": "vGR7.80",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "vCR8.20.200221b",
        "status": "affected",
        "version": "vCR8.20",
        "versionType": "custom"
      },
      {
        "lessThan": "vGR8.10.179",
        "status": "affected",
        "version": "8.10",
        "versionType": "custom"
      },
      {
        "lessThan": "vGR8.00.165",
        "status": "affected",
        "version": "8.00",
        "versionType": "custom"
      },
      {
        "lessThan": "vGR7.90.1038",
        "status": "affected",
        "version": "7.90",
        "versionType": "custom"
      }
    ]
  }
]

References

security.gallagher.com/Security-Advisories/CVE-2020-16097

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

7.3 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

Related for CVE-2020-16097

prion1 nvd1 cvelist1