CRITICAL🇬🇧 English

CVE-2020-16096

CVSS 9.9v3.1pub. 2020-09-15upd. 2024-11-21

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Gallagher Command Centre

    APP
    Gallagher
    7.80.9607.90.9918.00.11618.10.11348.10 – 8.10.1134 (bez)8.00 – 8.00.1161 (bez)7.90 – 7.90.991 (bez)7.80 – 7.80.960 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-21815CRITICAL9.1PL ✓ten sam produkt

Gallagher Command Centre: niechronione dane uwierzytelniające integracji DVR

CVE-2021-23230CRITICAL9.9ten sam produkt

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged ...

CVE-2021-23140CRITICAL9.9ten sam produkt

Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modif...

CVE-2020-16098CRITICAL9.8ten sam produkt

It is possible to enumerate access card credentials via an unauthenticated network connection to the server in...

CVE-2019-15294CRITICAL9.8ten sam produkt

An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom s...