9 matches found
Gallagher Command Centre Server Security Vulnerability
Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Gallagher Command Centre Server that stems from a privilege context switching error that could lead to cross-departmental...
CVE-2024-23317
External Control of File Name or Path CWE-73 in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a distributed in 9.10.1268MR1, 9.00 prior to vCR9.00.240521a...
CVE-2024-23317
External Control of File Name or Path CWE-73 in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This issue affects: 9.10 prior to vCR9.10.240520a distributed in 9.10.1268MR1, 9.00 prior to vCR9.00.240521a...
CVE-2024-22383
Missing release of resource after effective lifetime CWE-772 in the Controller 7000 resulted in HBUS-connected T-Series readers not automatically recovering after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the...
CVE-2024-21838
Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...
CVE-2024-21838
Improper neutralization of special elements in output CWE-74 used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 MR2, 8.90 prior to...
Security feature bypass
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 MR2, all versions of 8.80 and prior...
CVE-2023-23570
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 MR2, all versions of 8.80 and prior...
PT-2023-19049 · Gallagher · Gallagher Command Centre
Name of the Vulnerable Software and Affected Versions: Gallagher Command Centre versions 8.80 and prior; Gallagher Command Centre versions 8.90 prior to vEL8.90.1620 MR2. Description: The Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed, leading to...