CVE-2020-16100

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
GallagherCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
gallaghercommand_centre
8.00 ≤
𝑥
< 8.00.1228
gallaghercommand_centre
8.10 ≤
𝑥
< 8.10.1211
gallaghercommand_centre
8.20 ≤
𝑥
< 8.20.1166
gallaghercommand_centre
8.00.1228
gallaghercommand_centre
8.10.1211
gallaghercommand_centre
8.20.1166
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.gallagher.com/Security-Advisories/CVE-2020-16100
https://security.gallagher.com/Security-Advisories/CVE-2020-16100