Command Centre Security Vulnerabilities and Issues — Command Centre CVE List

Lucene search

GallagherCommand Centre

9 matches found

CVE•added 2021/11/18 6:15 p.m.•38 views

CVE-2021-23146

An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5);...

7.5CVSS7.5AI score0.0017EPSS

CVE•added 2023/07/25 12:15 a.m.•35 views

CVE-2023-25074

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8...

7.1CVSS6AI score0.00037EPSS

CVE•added 2021/11/18 7:15 p.m.•34 views

CVE-2021-23197

Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;

7.8CVSS8.5AI score0.00044EPSS

CVE•added 2020/09/15 2:15 p.m.•33 views

CVE-2020-16097

On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier...

7.3CVSS4.8AI score0.0006EPSS

CVE•added 2020/09/15 2:15 p.m.•33 views

CVE-2020-16101

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.

7.5CVSS7.8AI score0.0039EPSS

CVE•added 2023/12/18 10:15 p.m.•30 views

CVE-2023-46686

A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).

7.1CVSS6.9AI score0.00083EPSS

CVE•added 2020/09/15 2:15 p.m.•29 views

CVE-2020-16100

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v...

7.5CVSS7.7AI score0.00446EPSS

CVE•added 2023/07/24 11:15 p.m.•29 views

CVE-2023-22428

Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL...

7.6CVSS6.5AI score0.00037EPSS

CVE•added 2023/07/25 12:15 a.m.•22 views

CVE-2023-22363

A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)

7.5CVSS6.8AI score0.0015EPSS