Skip to main content

Command Centre CVE-2020-16099

MEDIUM
Improper Input Validation (CWE-20)
2020-09-15 disclosures@gallagher.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Sep 15, 2020 - 14:15 nvd
MEDIUM 4.3

DescriptionNVD

In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect.

AnalysisAI

In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect. Affected products include: Gallagher Command Centre.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-16098 CRITICAL
9.8 Sep 15

It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions

CVE-2019-15294 CRITICAL
9.8 Aug 28

An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Rated critical severity (CVSS 9.8), this

CVE-2021-23140 HIGH
8.8 Jun 11

Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an

CVE-2020-16103 HIGH
8.8 Dec 14

Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote

CVE-2020-16102 HIGH
8.2 Dec 14

Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to cr

CVE-2023-23570 HIGH
8.1 Dec 18

Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid conf

CVE-2021-23205 HIGH
8.1 Jun 11

Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configura

CVE-2021-23197 HIGH
7.8 Nov 18

Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary

CVE-2020-16096 HIGH
7.7 Sep 15

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(

CVE-2023-22363 HIGH
7.5 Jul 25

A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via as

CVE-2021-23146 HIGH
7.5 Nov 18

An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV

CVE-2020-16101 HIGH
7.5 Sep 15

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out

Share

CVE-2020-16099 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy