CVE-2020-16096

EUVD-2020-8062
In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
GallagherCNA
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
gallaghercommand_centre
7.80 ≤
𝑥
< 7.80.960
gallaghercommand_centre
7.90 ≤
𝑥
< 7.90.991
gallaghercommand_centre
8.00 ≤
𝑥
< 8.00.1161
gallaghercommand_centre
8.10 ≤
𝑥
< 8.10.1134
gallaghercommand_centre
7.80.960
gallaghercommand_centre
7.90.991
gallaghercommand_centre
8.00.1161
gallaghercommand_centre
8.10.1134
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.gallagher.com/Security-Advisories/CVE-2020-16096
https://security.gallagher.com/Security-Advisories/CVE-2020-16096