CVE-2020-16102
14.12.2020, 20:15
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions.Enginsight
| Vendor | Product | Version |
|---|---|---|
| gallagher | command_centre | 𝑥 < 7.90.0 |
| gallagher | command_centre | 8.00 ≤ 𝑥 < 8.00.1252 |
| gallagher | command_centre | 8.10 ≤ 𝑥 < 8.10.1253 |
| gallagher | command_centre | 8.20 ≤ 𝑥 < 8.20.1218 |
| gallagher | command_centre | 8.30 ≤ 𝑥 < 8.30.1299 |
| gallagher | command_centre | 8.00.1252 |
| gallagher | command_centre | 8.00.1252:maintenance_release7 |
| gallagher | command_centre | 8.10.1253 |
| gallagher | command_centre | 8.10.1253:maintenance_release6 |
| gallagher | command_centre | 8.20.1218 |
| gallagher | command_centre | 8.20.1218:maintenance_release4 |
| gallagher | command_centre | 8.30.1299 |
| gallagher | command_centre | 8.30.1299:maintenance_release2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
- CWE-306 - Missing Authentication for Critical FunctionThe product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.