CRITICAL🇵🇱 Wersja polska

CVE-2020-16098

CVSS 9.8v3.1pub. 2020-09-15upd. 2024-11-21

It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gallagher Command Centre

    APP
    Gallagher
    8.00.12288.10.12118.20.11668.30.12368.30 – 8.30.1236 (bez)8.20 – 8.20.1166 (bez)8.10 – 8.10.1211 (bez)8.00 – 8.00.1228 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-21815CRITICAL9.1PL ✓ten sam produkt

Gallagher Command Centre: niechronione dane uwierzytelniające integracji DVR

CVE-2021-23230CRITICAL9.9ten sam produkt

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged ...

CVE-2021-23140CRITICAL9.9ten sam produkt

Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modif...

CVE-2020-16096CRITICAL9.9ten sam produkt

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to...

CVE-2019-15294CRITICAL9.8ten sam produkt

An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom s...