Command Centre
CVE-2020-16099
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionNVD
In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect.
AnalysisAI
In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect. Affected products include: Gallagher Command Centre.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Command Centre
View allIt is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Rated critical severity (CVSS 9.8), this
Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to cr
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid conf
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configura
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary
In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(
A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via as
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today