CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
28.4%
In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components.
[
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "7.70",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.10.1134(MR4)",
"status": "affected",
"version": "8.10",
"versionType": "custom"
},
{
"lessThan": "8.00.1161(MR5)",
"status": "affected",
"version": "8.00",
"versionType": "custom"
},
{
"lessThan": "7.90.991(MR5)",
"status": "affected",
"version": "7.90",
"versionType": "custom"
},
{
"lessThan": "7.80.960(MR2)",
"status": "affected",
"version": "7.80",
"versionType": "custom"
}
]
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
28.4%