Vulnerabilities related to gallagher - command_centre
Vulnerability from fkie_nvd
Published
2020-01-17 02:15
Modified
2024-11-21 04:35
Severity ?
Summary
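In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied. Note: the CPE configuration recorded for this entry bounds the oldest range with "versionEndExcluding": "7.70", so CPE-based matching does not cover v7.70 itself even though the description lists "v7.70 or earlier" as affected; it also marks the fixed builds 7.80.960, 7.90.991, 8.00.1161 and 8.10.1134 as vulnerable. Confirm the affected builds against the vendor advisory rather than relying on the CPE ranges alone.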
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://security.gallagher.com/cve-2019-19802 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gallagher.com/cve-2019-19802 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | 7.80.960 | |
gallagher | command_centre | 7.90.991 | |
gallagher | command_centre | 8.00.1161 | |
gallagher | command_centre | 8.10.1134 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F1560D6-CCAA-4FF6-A342-53F3BD108408", "versionEndExcluding": "7.70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "4005F0E6-ED18-4DBE-8FDC-F6F40853CE43", "versionEndExcluding": "7.80.960", "versionStartIncluding": "7.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6093704-EB1F-4B41-A9BA-EAF5EBBE86E1", "versionEndExcluding": "7.90.991", "versionStartIncluding": "7.90", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C8C50BE-CE33-47F5-87D7-72EC8A069C03", "versionEndExcluding": "8.00.1161", "versionStartIncluding": "8.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F25C56A-EFE0-407A-B682-E25C5665CAB5", "versionEndExcluding": "8.10.1134", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:7.80.960:-:*:*:*:*:*:*", "matchCriteriaId": "10E5A085-2298-4DF7-B7FE-3BDC5D2701D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:7.90.991:-:*:*:*:*:*:*", "matchCriteriaId": "B374C701-59BA-4BDC-A2CD-5EE40A253746", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1161:-:*:*:*:*:*:*", "matchCriteriaId": "2BE2F182-7215-4A41-86F5-B8F6F307E779", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1134:-:*:*:*:*:*:*", "matchCriteriaId": "0676CE27-3D08-4619-89A6-7A17B37B3665", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and 
v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied." }, { "lang": "es", "value": "En Gallagher Command Center Server versiones v8.10 anteriores a v8.10.1134(MR4), versiones v8.00 anteriores a v8.00.1161(MR5), versiones v7.90 anteriores a v7.90.991(MR5), versiones v7.80 anteriores a v7.80.960(MR2) y versi\u00f3n v7.70 o anteriores, un usuario autenticado que conecta con OPCUA puede visualizar todos los datos que se replicar\u00edan en una configuraci\u00f3n multiservidor sin ser aplicadas comprobaciones de privilegios." } ], "id": "CVE-2019-19802", "lastModified": "2024-11-21T04:35:25.213", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-17T02:15:11.667", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/cve-2019-19802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/cve-2019-19802" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-862" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-24 23:15
Modified
2024-11-21 07:44
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.
This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "E51DC51C-E4D6-4C8D-8235-10258F79A6C5", "versionEndIncluding": "8.40.2216", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "B23146CE-CE9D-4850-8169-D0C168A3D037", "versionEndExcluding": "8.50.2831", "versionStartIncluding": "8.50", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "12131674-A0E9-4A12-BA87-C9207DA8C34C", "versionEndExcluding": "8.60.2347", "versionStartIncluding": "8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE1E36DB-F15E-449A-A672-4853D31CE064", "versionEndExcluding": "8.70.2185", "versionStartIncluding": "8.70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "92A438BA-DC52-4253-B5B6-4BE8CD7A1CCA", "versionEndExcluding": "8.80.1192", "versionStartIncluding": "8.80", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nImproper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.\n\nThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.\n\n" } ], "id": "CVE-2023-22428", "lastModified": "2024-11-21T07:44:47.613", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" 
}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-24T23:15:11.230", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-11-18 18:15
Modified
2024-11-21 05:51
Severity ?
7.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "63D6F225-FF42-4B2A-9CAE-0DF2366F28E3", "versionEndIncluding": "8.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "265809A9-AA8A-41E1-A3A7-E1CC6157D087", "versionEndExcluding": "8.10.1284", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "A95D4CF5-6A49-45A4-A145-D12ACCA0FF6C", "versionEndExcluding": "8.20.1259", "versionStartIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8A27CD-C93A-4ED5-AECE-39EB05788C5B", "versionEndExcluding": "8.30.1359", "versionStartIncluding": "8.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2157A0E-4B51-4D16-8A6E-0FC711C1961B", "versionEndExcluding": "8.40.1888", "versionStartIncluding": "8.40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions." }, { "lang": "es", "value": "Una vulnerabilidad de comparaci\u00f3n incompleta con factores ausentes en el controlador Gallagher permite a un atacante eludir la verificaci\u00f3n PIV. 
Este problema afecta a: Gallagher Command Centre 8.40 versiones anteriores a 8.40.1888 (MR3); 8.30 versiones anteriores a 8.30.1359 (MR3); 8.20 versiones anteriores a 8.20.1259 (MR5); 8.10 versiones anteriores a 8.10.1284 (MR7); versi\u00f3n 8.00 y versiones anteriores" } ], "id": "CVE-2021-23146", "lastModified": "2024-11-21T05:51:17.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-11-18T18:15:07.730", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor 
Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23146" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1023" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-697" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-25 02:15
Modified
2024-11-21 07:46
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.
This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "E51DC51C-E4D6-4C8D-8235-10258F79A6C5", "versionEndIncluding": "8.40.2216", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "B23146CE-CE9D-4850-8169-D0C168A3D037", "versionEndExcluding": "8.50.2831", "versionStartIncluding": "8.50", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "12131674-A0E9-4A12-BA87-C9207DA8C34C", "versionEndExcluding": "8.60.2347", "versionStartIncluding": "8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE1E36DB-F15E-449A-A672-4853D31CE064", "versionEndExcluding": "8.70.2185", "versionStartIncluding": "8.70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "92A438BA-DC52-4253-B5B6-4BE8CD7A1CCA", "versionEndExcluding": "8.80.1192", "versionStartIncluding": "8.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "110D9A0C-409D-4B1F-84B6-274B15D87CA3", "versionEndExcluding": "8.90.1318", "versionStartIncluding": "8.90", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.\n\nThis issue affects Command Centre: vEL\n\n8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 (MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior\n\n\n\n" } ], "id": "CVE-2023-23568", "lastModified": "2024-11-21T07:46:26.657", "metrics": { "cvssMetricV31": [ { "cvssData": { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-25T02:15:09.317", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-11 16:15
Modified
2024-11-21 05:51
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8A27CD-C93A-4ED5-AECE-39EB05788C5B", "versionEndExcluding": "8.30.1359", "versionStartIncluding": "8.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2157A0E-4B51-4D16-8A6E-0FC711C1961B", "versionEndExcluding": "8.40.1888", "versionStartIncluding": "8.40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3)." }, { "lang": "es", "value": "Una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n Confidencial a un Actor No Autorizado en Gallagher Command Centre Server, permite al material clave OSDP ser expuesto a Operadores del Centro de Mando. 
Este problema afecta a: Gallagher Command Centre versiones 8.40 anteriores a 8.40.1888 (MR3); versiones 8.30 anteriores a 8.30.1359 (MR3)" } ], "id": "CVE-2021-23204", "lastModified": "2024-11-21T05:51:22.230", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-11T16:15:12.177", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23204" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23204" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-862" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-14 20:15
Modified
2024-11-21 05:06
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
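SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions. Note: the CPE configuration recorded for this entry bounds the oldest range with "versionEndExcluding": "7.90.0" and has no 7.90.x range, so CPE-based matching does not cover 7.90 builds even though the description lists "version 7.90 and prior versions" as affected; confirm the affected builds against the vendor advisory.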
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | 8.00.1228 | |
gallagher | command_centre | 8.00.1228 | |
gallagher | command_centre | 8.10.1211 | |
gallagher | command_centre | 8.10.1211 | |
gallagher | command_centre | 8.20.1166 | |
gallagher | command_centre | 8.20.1166 | |
gallagher | command_centre | 8.30.1236 | |
gallagher | command_centre | 8.30.1236 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEC327DD-614D-4F03-B77A-941EFE1269F3", "versionEndExcluding": "7.90.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF24E0D-FEF8-4814-A689-50869362C70A", "versionEndExcluding": "8.00.1228", "versionStartIncluding": "8.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "55BB8603-0AAE-49A3-B127-374F24C498DE", "versionEndExcluding": "8.10.1211", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE7DBECA-3C79-4346-AB66-B7538B230FE7", "versionEndExcluding": "8.20.1166", "versionStartIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0DEE3F1-6EE3-4D31-BDF2-648F45C0EC20", "versionEndExcluding": "8.30.1236", "versionStartIncluding": "8.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1228:-:*:*:*:*:*:*", "matchCriteriaId": "B5A79B43-E943-44E2-B13A-64F955518C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1228:maintenance_release6:*:*:*:*:*:*", "matchCriteriaId": "8032E6B3-B5D4-4009-936B-35CA03CF0256", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1211:-:*:*:*:*:*:*", "matchCriteriaId": "E672F2DB-6C4D-4549-977C-F4EDBCC461E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1211:maintenance_release5:*:*:*:*:*:*", "matchCriteriaId": "4AE5C9DA-0A88-4A55-9395-7C2D357D9FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1166:-:*:*:*:*:*:*", "matchCriteriaId": "3DACA47B-78DA-4ED5-A15B-04556FA11865", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gallagher:command_centre:8.20.1166:maintenance_release3:*:*:*:*:*:*", "matchCriteriaId": "38E86AF8-3460-4007-B5A2-0E4EA3F42974", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1236:-:*:*:*:*:*:*", "matchCriteriaId": "34322F73-2AEF-4920-96DD-B138125A0660", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1236:maintenance_release1:*:*:*:*:*:*", "matchCriteriaId": "784CE63C-BE80-4111-9A56-6CD03CAE6E0D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with \u0027Edit Enterprise Data Interfaces\u0027 privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Enterprise Data Interface de Gallagher Command Centre, permite a un atacante remoto con privilegio de \"Edit Enterprise Data Interfaces\" ejecutar un SQL arbitrario contra una base de datos de terceros si EDI est\u00e1 configurado para importar datos de esta base de datos.\u0026#xa0;Este problema afecta a: Gallagher Command Center versiones 8.30 anteriores a 8.30.1236(MR1);\u0026#xa0;versiones 8.20 anteriores a 8.20.1166(MR3);\u0026#xa0;versiones 8.10 anteriores a 8.10.1211 (MR5);\u0026#xa0;versiones 8.00 anteriores a 8.00.1228(MR6);\u0026#xa0;versi\u00f3n 7.90 y versiones anteriores." 
} ], "id": "CVE-2020-16104", "lastModified": "2024-11-21T05:06:47.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 5.3, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-14T20:15:12.247", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16104" } ], "sourceIdentifier": 
"disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-18 22:15
Modified
2024-11-21 07:46
Severity ?
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
4.3 (Medium) - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision.
This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "23C4F969-A44F-40D6-A92B-56A2653A0786", "versionEndIncluding": "8.50", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "54586395-20DD-4AB8-8C2A-26870B1522A2", "versionEndExcluding": "8.60.2550", "versionStartIncluding": "8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E787E1B-4152-4F45-8E6E-1761938E48A3", "versionEndExcluding": "8.70.2375", "versionStartIncluding": "8.70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "6091751E-0326-445F-ABFF-09BE6D3543BF", "versionEndExcluding": "8.80.1369", "versionStartIncluding": "8.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B0605C7-4DC1-4F63-9987-D3320AC4D6A5", "versionEndExcluding": "8.90.1620", "versionStartIncluding": "8.90", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. \n\nThis issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.\n\n" }, { "lang": "es", "value": "El orden de comportamiento incorrecto en Command Center Server podr\u00eda permitir que los usuarios privilegiados obtengan acceso f\u00edsico al sitio durante m\u00e1s tiempo del previsto despu\u00e9s de una interrupci\u00f3n de la red cuando se utilizan competencias en la decisi\u00f3n de acceso. 
Este problema afecta a: Gallagher Command Center: 8.90 anterior a vEL8.90.1620 (MR2), 8.80 anterior a vEL8.80.1369 (MR3), 8.70 anterior a vEL8.70.2375 (MR5), 8.60 anterior a vEL8.60.2550 (MR7), todas las versiones de 8.50 y anteriores." } ], "id": "CVE-2023-23576", "lastModified": "2024-11-21T07:46:27.683", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-18T22:15:08.210", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-696" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-25 00:15
Modified
2024-11-21 07:44
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service by assigning cardholders to an Access Group.
This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "92A438BA-DC52-4253-B5B6-4BE8CD7A1CCA", "versionEndExcluding": "8.80.1192", "versionStartIncluding": "8.80", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.\n\nThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\n\n" } ], "id": "CVE-2023-22363", "lastModified": "2024-11-21T07:44:38.263", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-25T00:15:09.540", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-25 00:15
Modified
2024-11-21 07:49
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.
This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), and all versions vEL8.40 and prior.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "E51DC51C-E4D6-4C8D-8235-10258F79A6C5", "versionEndIncluding": "8.40.2216", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "B23146CE-CE9D-4850-8169-D0C168A3D037", "versionEndExcluding": "8.50.2831", "versionStartIncluding": "8.50", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "12131674-A0E9-4A12-BA87-C9207DA8C34C", "versionEndExcluding": "8.60.2347", "versionStartIncluding": "8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE1E36DB-F15E-449A-A672-4853D31CE064", "versionEndExcluding": "8.70.2185", "versionStartIncluding": "8.70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "92A438BA-DC52-4253-B5B6-4BE8CD7A1CCA", "versionEndExcluding": "8.80.1192", "versionStartIncluding": "8.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "110D9A0C-409D-4B1F-84B6-274B15D87CA3", "versionEndExcluding": "8.90.1318", "versionStartIncluding": "8.90", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.\n\n\n\n\n\n\nThis issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), \n\nvEL8.60 prior to vEL8.60.2347 (MR6),\n\nvEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.\n\n\n" } ], "id": "CVE-2023-25074", "lastModified": "2024-11-21T07:49:03.247", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", 
"attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-25T00:15:09.637", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-18 22:15
Modified
2024-11-21 07:46
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Client-side enforcement of server-side security for the Command Centre server could be bypassed, leading to an invalid configuration with undefined behavior.
This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C5386B5-7245-4F42-A0F9-10FBC8854D19", "versionEndIncluding": "8.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B0605C7-4DC1-4F63-9987-D3320AC4D6A5", "versionEndExcluding": "8.90.1620", "versionStartIncluding": "8.90", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nClient-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. \n\nThis issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.\n\n" }, { "lang": "es", "value": "La aplicaci\u00f3n de seguridad del lado del servidor para el servidor Command Center por parte del cliente podr\u00eda omitirse y dar lugar a una configuraci\u00f3n no v\u00e1lida con un comportamiento indefinido. Este problema afecta: Gallagher Command Center 8.90 anterior a vEL8.90.1620 (MR2), todas las versiones 8.80 y anteriores." 
} ], "id": "CVE-2023-23570", "lastModified": "2024-11-21T07:46:26.900", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-18T22:15:08.020", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-602" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-17 02:15
Modified
2024-11-21 04:35
Severity ?
Summary
In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://security.gallagher.com/cve-2019-19801 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gallagher.com/cve-2019-19801 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | 7.80.960 | |
gallagher | command_centre | 7.90.991 | |
gallagher | command_centre | 8.00.1161 | |
gallagher | command_centre | 8.10.1134 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F1560D6-CCAA-4FF6-A342-53F3BD108408", "versionEndExcluding": "7.70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "4005F0E6-ED18-4DBE-8FDC-F6F40853CE43", "versionEndExcluding": "7.80.960", "versionStartIncluding": "7.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6093704-EB1F-4B41-A9BA-EAF5EBBE86E1", "versionEndExcluding": "7.90.991", "versionStartIncluding": "7.90", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C8C50BE-CE33-47F5-87D7-72EC8A069C03", "versionEndExcluding": "8.00.1161", "versionStartIncluding": "8.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F25C56A-EFE0-407A-B682-E25C5665CAB5", "versionEndExcluding": "8.10.1134", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:7.80.960:-:*:*:*:*:*:*", "matchCriteriaId": "10E5A085-2298-4DF7-B7FE-3BDC5D2701D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:7.90.991:-:*:*:*:*:*:*", "matchCriteriaId": "B374C701-59BA-4BDC-A2CD-5EE40A253746", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1161:-:*:*:*:*:*:*", "matchCriteriaId": "2BE2F182-7215-4A41-86F5-B8F6F307E779", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1134:-:*:*:*:*:*:*", "matchCriteriaId": "0676CE27-3D08-4619-89A6-7A17B37B3665", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to 
v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases." }, { "lang": "es", "value": "En Gallagher Command Center Server versiones v8.10 anteriores a v8.10.1134(MR4), versiones v8.00 anteriores a v8.00.1161(MR5), versiones v7.90 anteriores a v7.90.991(MR5), versiones v7.80 anteriores a v7.80.960(MR2) y versi\u00f3n v7.70 o anteriores, un usuario no privilegiado pero autenticado es capaz de realizar una copia de seguridad de las bases de datos de Command Center." } ], "id": "CVE-2019-19801", "lastModified": "2024-11-21T04:35:25.043", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-17T02:15:11.617", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/cve-2019-19801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/cve-2019-19801" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-15 14:15
Modified
2024-11-21 05:06
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | 8.00.1228 | |
gallagher | command_centre | 8.10.1211 | |
gallagher | command_centre | 8.20.1166 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF24E0D-FEF8-4814-A689-50869362C70A", "versionEndExcluding": "8.00.1228", "versionStartIncluding": "8.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "55BB8603-0AAE-49A3-B127-374F24C498DE", "versionEndExcluding": "8.10.1211", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE7DBECA-3C79-4346-AB66-B7538B230FE7", "versionEndExcluding": "8.20.1166", "versionStartIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1228:-:*:*:*:*:*:*", "matchCriteriaId": "B5A79B43-E943-44E2-B13A-64F955518C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1211:-:*:*:*:*:*:*", "matchCriteriaId": "E672F2DB-6C4D-4549-977C-F4EDBCC461E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1166:-:*:*:*:*:*:*", "matchCriteriaId": "3DACA47B-78DA-4ED5-A15B-04556FA11865", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service\u0027s DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier." 
}, { "lang": "es", "value": "Es posible que una conexi\u00f3n websocket DCOM remota no autenticada bloquee el hilo (o subproceso) del websocket DCOM del servicio Command Center debido a un cierre inapropiado de las conexiones websocket cerradas, impidiendo aceptar futuras conexiones websocket DCOM (Configuration Client).\u0026#xa0;Las versiones afectadas son v8.20 anterior a v8.20.1166(MR3), v8.10 anterior a v8.10.1211(MR5), v8.00 anterior a v8.00.1228(MR6), todas las versiones de 7.90 y anteriores" } ], "id": "CVE-2020-16100", "lastModified": "2024-11-21T05:06:46.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", 
"version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-15T14:15:13.987", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16100" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-404" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-404" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-11-18 19:15
Modified
2024-11-21 05:51
Severity ?
5.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "C243E5FD-5A7C-4104-AF17-59192C34374A", "versionEndExcluding": "8.50.2048", "versionStartIncluding": "8.50", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;" }, { "lang": "es", "value": "Una vulnerabilidad de la ruta de servicio no citada en el servicio de controlador de Gallagher permite a un usuario no privilegiado ejecutar c\u00f3digo arbitrario como la cuenta que ejecuta el servicio de controlador. Este problema afecta a: Las versiones de Gallagher Command Centre 8.50 anteriores a la 8.50.2048 (MR3) ;" } ], "id": "CVE-2021-23197", "lastModified": "2024-11-21T05:51:21.660", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", 
"version": "3.1" }, "exploitabilityScore": 2.0, "impactScore": 2.7, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-11-18T19:15:08.190", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23197" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-428" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-428" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-20 06:15
Modified
2024-11-21 05:36
Severity ?
Summary
An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the 'view events' privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://security.gallagher.com/cve-2020-7215 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gallagher.com/cve-2020-7215 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | 7.90.991 | |
gallagher | command_centre | 8.00.1161 | |
gallagher | command_centre | 8.10.1134 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F5D71D9-ECE3-49AB-BE6E-62390C018B6F", "versionEndExcluding": "7.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6093704-EB1F-4B41-A9BA-EAF5EBBE86E1", "versionEndExcluding": "7.90.991", "versionStartIncluding": "7.90", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C8C50BE-CE33-47F5-87D7-72EC8A069C03", "versionEndExcluding": "8.00.1161", "versionStartIncluding": "8.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F25C56A-EFE0-407A-B682-E25C5665CAB5", "versionEndExcluding": "8.10.1134", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:7.90.991:-:*:*:*:*:*:*", "matchCriteriaId": "B374C701-59BA-4BDC-A2CD-5EE40A253746", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1161:-:*:*:*:*:*:*", "matchCriteriaId": "2BE2F182-7215-4A41-86F5-B8F6F307E779", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1134:-:*:*:*:*:*:*", "matchCriteriaId": "0676CE27-3D08-4619-89A6-7A17B37B3665", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the \u0027view events\u0027 privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event." 
}, { "lang": "es", "value": "Se detect\u00f3 un problema en Gallagher Command Center versiones 7.x anteriores a 7.90.991(MR5), versiones 8.00 anteriores a 8.00.1161(MR5) y versiones 8.10 anteriores a 8.10.1134(MR4). Los datos de configuraci\u00f3n del sistema externo (utilizados para integraciones de terceros, tales como los sistemas DVR) fueron registrados en el registro de eventos de Command Centre. Cualquier operador autenticado con el privilegio \"view events\" podr\u00eda visualizar la configuraci\u00f3n completa, incluyendo los nombres de usuario y contrase\u00f1as en texto sin cifrar, bajo los detalles de evento de un evento Modified DVR System." } ], "id": "CVE-2020-7215", "lastModified": "2024-11-21T05:36:50.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-20T06:15:11.877", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/cve-2020-7215" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/cve-2020-7215" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-28 12:15
Modified
2024-11-21 04:28
Severity ?
Summary
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://security.gallagher.com/CVE-2019-15294 | Vendor Advisory | |
cve@mitre.org | https://security.gallagher.com/security-advisories | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gallagher.com/CVE-2019-15294 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gallagher.com/security-advisories | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "C46FC9C3-8137-491D-AB5E-F36707F91AAB", "versionEndExcluding": "8.10.1092", "versionStartIncluding": "8.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en Gallagher Command Center versiones 8.10 anteriores a 8.10.1092 (MR2). Luego de una actualizaci\u00f3n, si una cuenta de servicio personalizado est\u00e1 en uso y el servicio de administraci\u00f3n de visitantes est\u00e1 instalado, el nombre de usuario y la contrase\u00f1a de Windows para este servicio son registrados en texto sin cifrar en el archivo Command_centre.log." 
} ], "id": "CVE-2019-15294", "lastModified": "2024-11-21T04:28:23.853", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-28T12:15:12.730", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/CVE-2019-15294" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/security-advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/CVE-2019-15294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/security-advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-15 14:15
Modified
2024-11-21 05:06
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | 7.80.960 | |
gallagher | command_centre | 7.90.991 | |
gallagher | command_centre | 8.00.1161 | |
gallagher | command_centre | 8.10.1134 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "4005F0E6-ED18-4DBE-8FDC-F6F40853CE43", "versionEndExcluding": "7.80.960", "versionStartIncluding": "7.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6093704-EB1F-4B41-A9BA-EAF5EBBE86E1", "versionEndExcluding": "7.90.991", "versionStartIncluding": "7.90", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C8C50BE-CE33-47F5-87D7-72EC8A069C03", "versionEndExcluding": "8.00.1161", "versionStartIncluding": "8.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F25C56A-EFE0-407A-B682-E25C5665CAB5", "versionEndExcluding": "8.10.1134", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:7.80.960:-:*:*:*:*:*:*", "matchCriteriaId": "10E5A085-2298-4DF7-B7FE-3BDC5D2701D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:7.90.991:-:*:*:*:*:*:*", "matchCriteriaId": "B374C701-59BA-4BDC-A2CD-5EE40A253746", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1161:-:*:*:*:*:*:*", "matchCriteriaId": "2BE2F182-7215-4A41-86F5-B8F6F307E779", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1134:-:*:*:*:*:*:*", "matchCriteriaId": "0676CE27-3D08-4619-89A6-7A17B37B3665", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. 
This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components." }, { "lang": "es", "value": "Gallagher Command Center versiones 8.10 anteriores a 8.10.1134(MR4), versiones 8.00 anteriores a 8.00.1161(MR5), versiones 7.90 anteriores a 7.90.991(MR5), versiones 7.80 anteriores a 7.80.960(MR2), versiones 7.70 y anteriores, cualquier cuenta de operador presenta acceso a todos los datos que son replicados si el sistema estuviera (o est\u00e1) conectado a un entorno de varios servidores.\u0026#xa0;Esto puede incluir credenciales de texto plano para sistemas DVR y detalles de tarjetas usados para componentes de acceso f\u00edsico/alarma/per\u00edmetro" } ], "id": "CVE-2020-16096", "lastModified": "2024-11-21T05:06:46.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-15T14:15:13.613", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16096" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-15 14:15
Modified
2024-11-21 05:06
Severity ?
7.3 (High) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), and v7.80 or earlier, it is possible to retrieve the site keys used for securing MIFARE Plus and DESFire through the debug ports on T Series readers.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | 7.90.1038 | |
gallagher | command_centre | 8.00.1228 | |
gallagher | command_centre | 8.10.1211 | |
gallagher | command_centre | 8.20.1093 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF8D6403-45A4-42BD-AB15-AC90C5580356", "versionEndExcluding": "7.90.1038", "versionStartIncluding": "7.90", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF24E0D-FEF8-4814-A689-50869362C70A", "versionEndExcluding": "8.00.1228", "versionStartIncluding": "8.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "55BB8603-0AAE-49A3-B127-374F24C498DE", "versionEndExcluding": "8.10.1211", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B4EE99E-7138-4228-8792-D4292507157F", "versionEndExcluding": "8.20.1093", "versionStartIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:7.90.1038:-:*:*:*:*:*:*", "matchCriteriaId": "37CD3909-D0B6-4DC7-94EB-0C6F73E37172", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1228:-:*:*:*:*:*:*", "matchCriteriaId": "B5A79B43-E943-44E2-B13A-64F955518C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1211:-:*:*:*:*:*:*", "matchCriteriaId": "E672F2DB-6C4D-4549-977C-F4EDBCC461E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1093:-:*:*:*:*:*:*", "matchCriteriaId": "4E4EBA1D-3F39-4FCA-B7A1-E28A65C1811F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used 
for securing MIFARE Plus and Desfire using debug ports on T Series readers." }, { "lang": "es", "value": "En controladores que ejecutan versiones desde v8.20 anteriores a vCR8.20.200221b (distribuido en versi\u00f3n v8.20.1093(MR2)), versiones v8.10 anteriores a vGR8.10.179 (distribuido en versi\u00f3n v8.10.1211(MR5)), versiones v8.00 anteriores a vGR8 .00.165 (distribuido en versi\u00f3n v8.00.1228(MR6)), versiones v7.90 anteriores a vGR7.90.165 (distribuido en v7.90.1038(MRX)), versiones v7.80 o anteriores, es posible recuperar las claves del sitio usadas para proteger MIFARE Plus y Desfire por medio de puertos de depuraci\u00f3n en lectores de la Serie T" } ], "id": "CVE-2020-16097", "lastModified": "2024-11-21T05:06:46.277", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.8, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": 
"NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-15T14:15:13.753", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16097" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-522" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-15 14:15
Modified
2024-11-21 05:06
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2), it is possible to create Guard Tour events that, when accessed (for example through reporting), cause clients to temporarily hang or disconnect.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | 8.20.1093 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B4EE99E-7138-4228-8792-D4292507157F", "versionEndExcluding": "8.20.1093", "versionStartIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1093:-:*:*:*:*:*:*", "matchCriteriaId": "4E4EBA1D-3F39-4FCA-B7A1-E28A65C1811F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect." }, { "lang": "es", "value": "En Gallagher Command Center versiones v8.20 anteriores a v8.20.1093(MR2) es posible crear eventos Guard Tour que cuando se acced\u00edan por medio de cosas como reportes causan que los clientes se cuelguen o desconecten temporalmente" } ], "id": "CVE-2020-16099", "lastModified": "2024-11-21T05:06:46.517", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-15T14:15:13.910", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16099" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-11 16:15
Modified
2024-11-21 05:51
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "18EA028F-CBED-4009-B2D4-3386CDD2FC7F", "versionEndIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "A95D4CF5-6A49-45A4-A145-D12ACCA0FF6C", "versionEndExcluding": "8.20.1259", "versionStartIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8A27CD-C93A-4ED5-AECE-39EB05788C5B", "versionEndExcluding": "8.30.1359", "versionStartIncluding": "8.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2157A0E-4B51-4D16-8A6E-0FC711C1961B", "versionEndExcluding": "8.40.1888", "versionStartIncluding": "8.40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions." }, { "lang": "es", "value": "Una vulnerabilidad de Autorizaci\u00f3n Inapropiada en Gallagher Command Centre Server, permite a las macros de la l\u00ednea de comandos ser modificados por un Operador de Command Centre no autorizado. 
Este problema afecta a: Gallagher Command Centre versiones 8.40 anteriores a 8.40.1888 (MR3); versiones 8.30 anteriores a 8.30.1359 (MR3); versiones 8.20 anteriores a 8.20.1259 (MR5); versiones 8.10 y anteriores" } ], "id": "CVE-2021-23140", "lastModified": "2024-11-21T05:51:16.980", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-11T16:15:12.057", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": 
"https://security.gallagher.com/Security-Advisories/CVE-2021-23140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23140" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-11 16:15
Modified
2024-11-21 05:51
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B9F40BF-DE68-4155-A1B9-A4D5F88596D7", "versionEndExcluding": "8.40.1888", "versionStartIncluding": "8.30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30." }, { "lang": "es", "value": "Una vulnerabilidad de Almacenamiento de Texto sin Cifrar de Informaci\u00f3n Confidencial en la Memoria en Gallagher Command Center Server, permite a las claves maestras de los lectores de OSDP puedan ser detectadas en los volcados de memoria del servidor. Este problema afecta a: Gallagher Command Center versiones 8.40 anteriores a 8.40.1888 (MR3); todas las versiones 8.30" } ], "id": "CVE-2021-23182", "lastModified": "2024-11-21T05:51:20.513", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": 
"NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-11T16:15:12.117", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23182" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23182" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-316" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-312" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-11-18 18:15
Modified
2024-11-21 05:51
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
Improper certificate validation vulnerability in SMTP Client allows a man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4); version 8.20 and prior versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "08FDEAA9-8012-4149-9D76-77E41CB4DD10", "versionEndIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF235EFE-6917-49A6-A07D-7CFEFEA7667E", "versionEndExcluding": "8.30.1454", "versionStartIncluding": "8.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8361A06-0547-48D0-9D87-3827611D1AB6", "versionEndExcluding": "8.40.2063", "versionStartIncluding": "8.40", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "C243E5FD-5A7C-4104-AF17-59192C34374A", "versionEndExcluding": "8.50.2048", "versionStartIncluding": "8.50", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; version 8.20 and prior versions." }, { "lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n de certificados inapropiada en el cliente SMTP permite que un ataque de tipo man-in-the-middle recupere informaci\u00f3n confidencial del servidor del centro de mando. 
Este problema afecta a: Gallagher Command Centre versiones 8.50 anteriores a 8.50.2048 (MR3); versiones 8.40 anteriores a 8.40.2063 (MR4); versiones 8.30 anteriores a 8.30.1454 (MR4) ; versi\u00f3n 8.20 y anteriores" } ], "id": "CVE-2021-23167", "lastModified": "2024-11-21T05:51:18.867", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.3, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-11-18T18:15:08.597", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": 
"https://security.gallagher.com/Security-Advisories/CVE-2021-23167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23167" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-05 03:15
Modified
2025-02-10 22:33
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all versions of 8.60 and prior.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6CB4E79-0153-4DB1-BE98-91A39FB06C5A", "versionEndIncluding": "8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA675A52-8CC9-4A20-8EB1-7A066FB8E3C0", "versionEndExcluding": "8.70.2526", "versionStartIncluding": "8.70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BCEEB9A-DB54-4FFB-A596-29E7329958F3", "versionEndExcluding": "8.80.1526", "versionStartIncluding": "8.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "5770EF66-119E-414B-9188-53D5935D8CFC", "versionEndExcluding": "8.90.1751", "versionStartIncluding": "8.90", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC849EB3-3967-4018-B28E-83C39E99BB6A", "versionEndExcluding": "9.00.1774", "versionStartIncluding": "9.00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nImproper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.\n\n\n\n" }, { "lang": "es", "value": "La neutralizaci\u00f3n inadecuada de elementos especiales en la salida (CWE-74) utilizados por la funci\u00f3n de generaci\u00f3n de correo electr\u00f3nico de Command Centre Server podr\u00eda provocar la inyecci\u00f3n de c\u00f3digo HTML en los correos electr\u00f3nicos generados por Command Center. 
Este problema afecta a: Gallagher Command Center 9.00 anterior a vEL9.00.1774 (MR2), 8.90 anterior a vEL8.90.1751 (MR3), 8.80 anterior a vEL8.80.1526 (MR4), 8.70 anterior a vEL8.70.2526 (MR6), todas las versiones de 8.60 y anteriores." } ], "id": "CVE-2024-21838", "lastModified": "2025-02-10T22:33:35.600", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-05T03:15:06.280", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-18 22:15
Modified
2024-11-21 07:46
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An observable response discrepancy in the Gallagher Command Centre REST API allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable.
This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all versions of 8.50 and prior.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "23C4F969-A44F-40D6-A92B-56A2653A0786", "versionEndIncluding": "8.50", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "20DE4B8C-B06D-4A8E-A608-CCCC7DC60A22", "versionEndExcluding": "8.60.2039", "versionStartIncluding": "8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "03086229-3EDC-4DE2-8B53-9F7CA574D0CF", "versionEndExcluding": "8.70.1787", "versionStartIncluding": "8.70", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nAn observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. \n\nThis issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.\n\n" }, { "lang": "es", "value": "Una discrepancia de respuesta observable en la API REST de Gallagher Command Centre permite a un usuario sin privilegios suficientes inferir la presencia de elementos que de otro modo no ser\u00edan visibles. Este problema afecta: Gallagher Command Center 8.70 anterior a vEL8.70.1787 (MR2), 8.60 anterior a vEL8.60.2039 (MR4), todas las versiones de 8.50 y anteriores." 
} ], "id": "CVE-2023-23584", "lastModified": "2024-11-21T07:46:28.840", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-18T22:15:08.407", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23584" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23584" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-204" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-11-18 19:15
Modified
2024-11-21 05:51
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Improper privilege validation vulnerability in the COM interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4); 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "18EA028F-CBED-4009-B2D4-3386CDD2FC7F", "versionEndIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA563A16-4C9F-4091-A275-5F148CA885C5", "versionEndExcluding": "8.20.1291", "versionStartIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF235EFE-6917-49A6-A07D-7CFEFEA7667E", "versionEndExcluding": "8.30.1454", "versionStartIncluding": "8.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8361A06-0547-48D0-9D87-3827611D1AB6", "versionEndExcluding": "8.40.2063", "versionStartIncluding": "8.40", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "C243E5FD-5A7C-4104-AF17-59192C34374A", "versionEndExcluding": "8.50.2048", "versionStartIncluding": "8.50", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ; 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions." }, { "lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n de privilegios inapropiada en la interfaz COM del el servicio de controlador de Gallagher permite a operadores no privilegiados autenticados recuperar informaci\u00f3n confidencial del Servidor del Centro de Comando. 
Este problema afecta a: Las versiones de Gallagher Command Centre 8.50 anteriores a 8.50.2048 (MR3) ; las versiones 8.40 anteriores a 8.40.2063 (MR4); las versiones 8.30 anteriores a 8.30.1454 (MR4) ; las versiones 8.20 anteriores a 8.20.1291 (MR6); la versi\u00f3n 8.10 y anteriores." } ], "id": "CVE-2021-23193", "lastModified": "2024-11-21T05:51:21.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-11-18T19:15:07.877", "references": [ { "source": "disclosures@gallagher.com", "tags": [ 
"Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23193" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-11 16:15
Modified
2024-11-21 05:51
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | 8.10.1284 | |
gallagher | command_centre | 8.20.1259 | |
gallagher | command_centre | 8.30.1359 | |
gallagher | command_centre | 8.40.1888 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "63D6F225-FF42-4B2A-9CAE-0DF2366F28E3", "versionEndIncluding": "8.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "265809A9-AA8A-41E1-A3A7-E1CC6157D087", "versionEndExcluding": "8.10.1284", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "A95D4CF5-6A49-45A4-A145-D12ACCA0FF6C", "versionEndExcluding": "8.20.1259", "versionStartIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8A27CD-C93A-4ED5-AECE-39EB05788C5B", "versionEndExcluding": "8.30.1359", "versionStartIncluding": "8.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2157A0E-4B51-4D16-8A6E-0FC711C1961B", "versionEndExcluding": "8.40.1888", "versionStartIncluding": "8.40", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1284:-:*:*:*:*:*:*", "matchCriteriaId": "D8C88566-E97C-46A1-97A9-842B68B2B255", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1259:-:*:*:*:*:*:*", "matchCriteriaId": "3C951E03-F376-4D1B-92EB-29D8EDF3088C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1359:-:*:*:*:*:*:*", "matchCriteriaId": "9C4D6597-1327-443C-9D8A-DADD1DCFB527", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.40.1888:-:*:*:*:*:*:*", "matchCriteriaId": "BEAAFEE0-3595-47D2-9B84-7A56320C7FE6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre 
databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions." }, { "lang": "es", "value": "Una vulnerabilidad de Inyecci\u00f3n SQL en la interfaz OPCUA de Gallagher Command Centre, permite a un operador remoto no privilegiado de Command Centre modificar las bases de datos de Command Centre sin ser detectado. Este problema afecta a: Gallagher Command Centre versiones 8.40 anteriores a 8.40.1888 (MR3); versiones 8.30 anteriores a 8.30.1359 (MR3); versiones 8.20 anteriores a 8.20.1259 (MR5); versiones 8.10 anteriores a 8.10.1284 (MR7); versiones 8.00 y anteriores" } ], "id": "CVE-2021-23230", "lastModified": "2024-11-21T05:51:24.627", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-11T16:15:12.367", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23230" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-05 03:15
Modified
2025-02-10 22:36
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all versions of 8.60 and prior.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6CB4E79-0153-4DB1-BE98-91A39FB06C5A", "versionEndIncluding": "8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA675A52-8CC9-4A20-8EB1-7A066FB8E3C0", "versionEndExcluding": "8.70.2526", "versionStartIncluding": "8.70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BCEEB9A-DB54-4FFB-A596-29E7329958F3", "versionEndExcluding": "8.80.1526", "versionStartIncluding": "8.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "5770EF66-119E-414B-9188-53D5935D8CFC", "versionEndExcluding": "8.90.1751", "versionStartIncluding": "8.90", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC849EB3-3967-4018-B28E-83C39E99BB6A", "versionEndExcluding": "9.00.1774", "versionStartIncluding": "9.00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nInsufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.\n\n\n\n" }, { "lang": "es", "value": "Las credenciales insuficientemente protegidas (CWE-522) para integraciones de DVR de terceros al Command Center Server son accesibles para usuarios autenticados pero sin privilegios. 
Este problema afecta a: Gallagher Command Center 9.00 anterior a vEL9.00.1774 (MR2), 8.90 anterior a vEL8.90.1751 (MR3), 8.80 anterior a vEL8.80.1526 (MR4), 8.70 anterior a vEL8.70.2526 (MR6), todas las versiones de 8.60 y anteriores." } ], "id": "CVE-2024-21815", "lastModified": "2025-02-10T22:36:41.683", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.1, "impactScore": 5.3, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-05T03:15:06.060", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2024-21815" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2024-21815" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-522" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-522" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-18 22:15
Modified
2024-11-21 07:44
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface.
This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3183049E-D5F5-416E-B5B6-140B02510BC0", "versionEndIncluding": "8.50", "vulnerable": true }, { "criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "162DF4B0-4F15-48D0-9D67-2AD509FD1FAD", "versionEndExcluding": "8.60.231116a", "versionStartIncluding": "8.60", "vulnerable": true }, { "criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "30EEB0FF-D2F2-47DA-9666-6532730B195F", "versionEndExcluding": "8.70.231204a", "versionStartIncluding": "8.70", "vulnerable": true }, { "criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11F6F34-20E1-4BF8-BA36-819F2B153320", "versionEndExcluding": "8.80.231204a", "versionStartIncluding": "8.80", "vulnerable": true }, { "criteria": "cpe:2.3:o:gallagher:controller_6000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "715CA029-60DF-422B-90BA-C806DCE041FC", "versionEndExcluding": "8.90.231204a", "versionStartIncluding": "8.90", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:gallagher:controller_6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AF2B03B-B033-439F-8CEE-334FA8053278", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "23C4F969-A44F-40D6-A92B-56A2653A0786", "versionEndIncluding": "8.50", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "189BCB50-4E9F-4E0B-B03F-D703BD14B6C9", "versionEndExcluding": "8.60.231116a", "versionStartIncluding": "8.60", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "63286868-84A7-492C-8F48-E0FB883C5666", 
"versionEndExcluding": "8.70.231204a", "versionStartIncluding": "8.70", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "48DE400E-2C3D-485C-8C8E-DA79BC155E7F", "versionEndExcluding": "8.80.231204a", "versionStartIncluding": "8.80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "14A61AE2-E3D1-4BEE-B5E1-361E6E0A617E", "versionEndExcluding": "8.90.231204a", "versionStartIncluding": "8.90", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:gallagher:controller_6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AF2B03B-B033-439F-8CEE-334FA8053278", "vulnerable": false }, { "criteria": "cpe:2.3:h:gallagher:controller_7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0F7F6A6-8F69-45C1-A59D-D9FB3FD0C1C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nImproper input validation of a large HTTP request in the Controller 6000 and Controller 7000\u00a0optional\u00a0diagnostic web interface (Port 80)\u00a0can be used to perform a Denial of Service of the diagnostic web interface.\n\nThis issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.\n\n" }, { "lang": "es", "value": "Se puede utilizar una validaci\u00f3n de entrada incorrecta de una solicitud HTTP grande en la interfaz web de diagn\u00f3stico opcional de Controller 6000 y Controller 7000 (puerto 80) para realizar una denegaci\u00f3n de servicio de la interfaz web de diagn\u00f3stico. 
Este problema afecta a: \nGallagher Controller 6000 y 7000 8.90 antes de vCR8.90.231204a (distribuido en 8.90.1620 (MR2)), \n8.80 antes de vCR8.80.231204a (distribuido en 8.80.1369 (MR3)), \n8.70 antes de vCR8. 70.231204a (distribuido en 8.70.2375 (MR5)), \n8.60 antes de vCR8.60.231116a (distribuido en 8.60.2550 (MR7)), \ntodas las versiones de 8.50 y anteriores." } ], "id": "CVE-2023-22439", "lastModified": "2024-11-21T07:44:48.323", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-18T22:15:07.807", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-22439" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-22439" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-15 14:15
Modified
2024-11-21 05:06
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), and all versions of 7.90 and earlier. These credentials can then be used to encode low-security cards to be used by the system where insecure card technologies are supported.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | 8.00.1228 | |
gallagher | command_centre | 8.10.1211 | |
gallagher | command_centre | 8.20.1166 | |
gallagher | command_centre | 8.30.1236 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF24E0D-FEF8-4814-A689-50869362C70A", "versionEndExcluding": "8.00.1228", "versionStartIncluding": "8.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "55BB8603-0AAE-49A3-B127-374F24C498DE", "versionEndExcluding": "8.10.1211", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE7DBECA-3C79-4346-AB66-B7538B230FE7", "versionEndExcluding": "8.20.1166", "versionStartIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0DEE3F1-6EE3-4D31-BDF2-648F45C0EC20", "versionEndExcluding": "8.30.1236", "versionStartIncluding": "8.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1228:-:*:*:*:*:*:*", "matchCriteriaId": "B5A79B43-E943-44E2-B13A-64F955518C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1211:-:*:*:*:*:*:*", "matchCriteriaId": "E672F2DB-6C4D-4549-977C-F4EDBCC461E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1166:-:*:*:*:*:*:*", "matchCriteriaId": "3DACA47B-78DA-4ED5-A15B-04556FA11865", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1236:-:*:*:*:*:*:*", "matchCriteriaId": "34322F73-2AEF-4920-96DD-B138125A0660", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. 
These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported." }, { "lang": "es", "value": "Es posible enumerar las credenciales de la tarjeta de acceso por medio de una conexi\u00f3n de red no autenticada en el servidor en Command Centre versiones v8.20 anteriores a v8.20.1166(MR3), versiones de 8.10 anteriores a v8.10.1211(MR5), versiones de 8.00 anteriores a v8.00.1228(MR6), todas las versiones de 7.90 y anteriores. Estas credenciales pueden ser usadas para codificar tarjetas de poca seguridad que puedan ser usadas por el sistema donde son admitidas tecnolog\u00edas de tarjetas no seguras" } ], "id": "CVE-2020-16098", "lastModified": "2024-11-21T05:06:46.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", 
"confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-15T14:15:13.833", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16098" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-12-18 22:15
Modified
2024-11-21 08:29
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Summary
A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols.
This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | 9.00.1507 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "516A63FB-0145-4EAE-BAF5-2724C1F9F24D", "versionEndExcluding": "9.00.1507", "versionStartIncluding": "9.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:9.00.1507:-:*:*:*:*:*:*", "matchCriteriaId": "7B79DE16-27CB-4D2D-AEDC-3CA2D4ACC5C8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nA reliance on untrusted inputs in a security decision could be exploited by a privileged\u00a0user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. \n\nThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\n\n\n\n" }, { "lang": "es", "value": "Un usuario privilegiado podr\u00eda aprovechar la dependencia de entradas sin confianza en una decisi\u00f3n de seguridad para configurar el Gallagher Command Centre Diagnostics Service para utilizar protocolos de comunicaci\u00f3n menos seguros. Este problema afecta: Gallagher Diagnostics Service anterior a v1.3.0 (distribuido en 9.00.1507(MR1))." 
} ], "id": "CVE-2023-46686", "lastModified": "2024-11-21T08:29:04.360", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-18T22:15:08.967", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-807" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-06 17:15
Modified
2024-11-21 06:53
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "08FDEAA9-8012-4149-9D76-77E41CB4DD10", "versionEndIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "B661AF12-667B-4470-984E-AC109FE1B4A2", "versionEndExcluding": "8.30.1470", "versionStartIncluding": "8.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D083D37-176B-4A15-83D9-0486A2355D83", "versionEndExcluding": "8.40.2216", "versionStartIncluding": "8.40", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F3A5031-A6FF-4A4F-8B2F-14389BA76F0E", "versionEndExcluding": "8.50.2245", "versionStartIncluding": "8.50", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "58EF5C9C-9377-44A2-9EA8-664650955786", "versionEndExcluding": "8.60.1652", "versionStartIncluding": "8.60", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions." }, { "lang": "es", "value": "Command Centre Server es vulnerable a una inyecci\u00f3n SQL por medio de la configuraci\u00f3n del Registro de Windows para los campos de fecha en el servidor. 
La configuraci\u00f3n del Registro de Windows permite a un atacante usando el Kiosco de Administraci\u00f3n de Visitantes, una aplicaci\u00f3n dise\u00f1ada para uso p\u00fablico, invocar una consulta SQL arbitraria que ha sido precargada en el registro del Servidor de Windows para obtener informaci\u00f3n confidencial. Este problema afecta a: Gallagher Command Centre versiones 8.60 anteriores a 8.60.1652; versiones 8.50 anteriores a 8.50.2245; versiones 8.40 anteriores a 8.40.2216; versiones 8.30 anteriores a 8.30.1470; versiones 8.20 y anteriores" } ], "id": "CVE-2022-26348", "lastModified": "2024-11-21T06:53:48.040", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-06T17:15:07.937", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-11 16:15
Modified
2024-11-21 05:51
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "18EA028F-CBED-4009-B2D4-3386CDD2FC7F", "versionEndIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "A95D4CF5-6A49-45A4-A145-D12ACCA0FF6C", "versionEndExcluding": "8.20.1259", "versionStartIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8A27CD-C93A-4ED5-AECE-39EB05788C5B", "versionEndExcluding": "8.30.1359", "versionStartIncluding": "8.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2157A0E-4B51-4D16-8A6E-0FC711C1961B", "versionEndExcluding": "8.40.1888", "versionStartIncluding": "8.40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions." }, { "lang": "es", "value": "Una Codificaci\u00f3n o Escape inapropiados en Gallagher Command Centre Server, permiten a un Operador de Command Centre alterar la configuraci\u00f3n de los Controladores y otros elementos de hardware m\u00e1s all\u00e1 de sus privilegios. 
Este problema afecta a: Gallagher Command Centre versiones 8.40 anteriores a 8.40.1888 (MR3); versiones 8.30 anteriores a 8.30.1359 (MR3); versiones 8.20 anteriores a 8.20.1259 (MR5); versiones 8.10 y anteriores" } ], "id": "CVE-2021-23205", "lastModified": "2024-11-21T05:51:22.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-11T16:15:12.243", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": 
"https://security.gallagher.com/Security-Advisories/CVE-2021-23205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23205" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-116" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-116" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-11 16:15
Modified
2024-11-21 05:51
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows the Cloud end-to-end encryption key to be discovered in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2157A0E-4B51-4D16-8A6E-0FC711C1961B", "versionEndExcluding": "8.40.1888", "versionStartIncluding": "8.40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3)." }, { "lang": "es", "value": "Una vulnerabilidad de Almacenamiento en Texto sin Cifrar de Informaci\u00f3n Confidencial en la Memoria en Gallagher Command Centre Server, permite a la clave de cifrado de Cloud de extremo a extremo ser detectada en los volcados de memoria del servidor. Este problema afecta a: Gallagher Command Centre versiones 8.40 anteriores a 8.40.1888 (MR3)" } ], "id": "CVE-2021-23211", "lastModified": "2024-11-21T05:51:23.040", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-11T16:15:12.303", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23211" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-316" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-312" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-14 20:15
Modified
2024-11-21 05:06
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | 8.10.1211 | |
gallagher | command_centre | 8.10.1211 | |
gallagher | command_centre | 8.20.1166 | |
gallagher | command_centre | 8.20.1166 | |
gallagher | command_centre | 8.30.1236 | |
gallagher | command_centre | 8.30.1236 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "63D6F225-FF42-4B2A-9CAE-0DF2366F28E3", "versionEndIncluding": "8.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "55BB8603-0AAE-49A3-B127-374F24C498DE", "versionEndExcluding": "8.10.1211", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE7DBECA-3C79-4346-AB66-B7538B230FE7", "versionEndExcluding": "8.20.1166", "versionStartIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0DEE3F1-6EE3-4D31-BDF2-648F45C0EC20", "versionEndExcluding": "8.30.1236", "versionStartIncluding": "8.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1211:-:*:*:*:*:*:*", "matchCriteriaId": "E672F2DB-6C4D-4549-977C-F4EDBCC461E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1211:maintenance_release5:*:*:*:*:*:*", "matchCriteriaId": "4AE5C9DA-0A88-4A55-9395-7C2D357D9FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1166:-:*:*:*:*:*:*", "matchCriteriaId": "3DACA47B-78DA-4ED5-A15B-04556FA11865", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1166:maintenance_release3:*:*:*:*:*:*", "matchCriteriaId": "38E86AF8-3460-4007-B5A2-0E4EA3F42974", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1236:-:*:*:*:*:*:*", "matchCriteriaId": "34322F73-2AEF-4920-96DD-B138125A0660", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1236:maintenance_release1:*:*:*:*:*:*", "matchCriteriaId": "784CE63C-BE80-4111-9A56-6CD03CAE6E0D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Type 
confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions." }, { "lang": "es", "value": "Una confusi\u00f3n de tipos en Gallagher Command Centre Server, permite a un atacante remoto bloquear el servidor o posiblemente causar una ejecuci\u00f3n de c\u00f3digo remota. Este problema afecta a: Gallagher Command Centre versiones 8.30 anteriores a 8.30.1236 (MR1); versiones 8.20 anteriores a 8.20.1166(MR3); versiones 8.10 anteriores a 8.10.1211(MR5); versi\u00f3n 8.00 y versiones anteriores." } ], "id": "CVE-2020-16103", "lastModified": "2024-11-21T05:06:47.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", 
"attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-14T20:15:12.170", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16103" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-704" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-843" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-11 16:15
Modified
2024-11-21 05:51
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "18EA028F-CBED-4009-B2D4-3386CDD2FC7F", "versionEndIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "A95D4CF5-6A49-45A4-A145-D12ACCA0FF6C", "versionEndExcluding": "8.20.1259", "versionStartIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB8A27CD-C93A-4ED5-AECE-39EB05788C5B", "versionEndExcluding": "8.30.1359", "versionStartIncluding": "8.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2157A0E-4B51-4D16-8A6E-0FC711C1961B", "versionEndExcluding": "8.40.1888", "versionStartIncluding": "8.40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions." }, { "lang": "es", "value": "Una vulnerabilidad de Autorizaci\u00f3n inapropiada en Gallagher Command Centre Server permite que un Operador del Centro de Comando no privilegiado llevar a cabo anulaciones de macros. 
Este problema afecta a: Gallagher Command Centre versiones 8.40 anteriores a 8.40.1888 (MR3); versiones 8.30 anteriores a 8.30.1359 (MR3); versiones 8.20 anteriores a 8.20.1259 (MR5); versiones 8.10 y anteriores" } ], "id": "CVE-2021-23136", "lastModified": "2024-11-21T05:51:16.537", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-11T16:15:11.993", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": 
"https://security.gallagher.com/Security-Advisories/CVE-2021-23136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23136" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-15 14:15
Modified
2024-11-21 05:06
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | 8.00.1228 | |
gallagher | command_centre | 8.10.1211 | |
gallagher | command_centre | 8.20.1166 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF24E0D-FEF8-4814-A689-50869362C70A", "versionEndExcluding": "8.00.1228", "versionStartIncluding": "8.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "55BB8603-0AAE-49A3-B127-374F24C498DE", "versionEndExcluding": "8.10.1211", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE7DBECA-3C79-4346-AB66-B7538B230FE7", "versionEndExcluding": "8.20.1166", "versionStartIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1228:-:*:*:*:*:*:*", "matchCriteriaId": "B5A79B43-E943-44E2-B13A-64F955518C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1211:-:*:*:*:*:*:*", "matchCriteriaId": "E672F2DB-6C4D-4549-977C-F4EDBCC461E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1166:-:*:*:*:*:*:*", "matchCriteriaId": "3DACA47B-78DA-4ED5-A15B-04556FA11865", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier." 
}, { "lang": "es", "value": "Es posible que una conexi\u00f3n websocket DCOM remota no autenticada bloquee el servicio Command Center debido a un acceso al b\u00fafer fuera de l\u00edmites.\u0026#xa0;Las versiones afectadas son v8.20 anterior a v8.20.1166(MR3), v8.10 anterior a v8.10.1211(MR5), v8.00 anterior a v8.00.1228(MR6), todas las versiones desde 7.90 y anteriores" } ], "id": "CVE-2020-16101", "lastModified": "2024-11-21T05:06:46.757", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2020-09-15T14:15:14.097", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16101" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-805" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-06 20:29
Modified
2024-11-21 04:22
Severity ?
Summary
Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://security.gallagher.com/CVE-2019-12492 | Mitigation, Vendor Advisory | |
cve@mitre.org | https://security.gallagher.com/security-advisories | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gallagher.com/CVE-2019-12492 | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gallagher.com/security-advisories | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEF7DF9C-7C50-4B6F-9790-603C129A8B65", "versionEndExcluding": "7.80.939", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CE92845-2ABE-4A9F-B66D-638094A4E899", "versionEndExcluding": "7.90.961", "versionStartIncluding": "7.90.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0B6CB8C-D6C8-4C19-83E6-2358FCC081D3", "versionEndExcluding": "8.00.1128", "versionStartIncluding": "8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services." }, { "lang": "es", "value": "Gallagher Command Center anterior de 7.80.939, 7.90.x anterior de 7.90.961, y 8.x anterior de las 8.00.1128 permite la creaci\u00f3n de eventos arbitrarios y la revelaci\u00f3n de informaci\u00f3n a trav\u00e9s de los servicios FT Command Center Service y FT Controller Service." 
} ], "id": "CVE-2019-12492", "lastModified": "2024-11-21T04:22:57.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-06T20:29:02.743", "references": [ { "source": "cve@mitre.org", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://security.gallagher.com/CVE-2019-12492" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/security-advisories" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Vendor Advisory" ], "url": "https://security.gallagher.com/CVE-2019-12492" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/security-advisories" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-14 20:15
Modified
2024-11-21 05:06
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | * | |
gallagher | command_centre | 8.00.1252 | |
gallagher | command_centre | 8.00.1252 | |
gallagher | command_centre | 8.10.1253 | |
gallagher | command_centre | 8.10.1253 | |
gallagher | command_centre | 8.20.1218 | |
gallagher | command_centre | 8.20.1218 | |
gallagher | command_centre | 8.30.1299 | |
gallagher | command_centre | 8.30.1299 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEC327DD-614D-4F03-B77A-941EFE1269F3", "versionEndExcluding": "7.90.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "484DE0E5-B3A6-45BF-9765-95A2579A077A", "versionEndExcluding": "8.00.1252", "versionStartIncluding": "8.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FD0CD44-58B8-4BA4-9F8D-3A25E984F3B2", "versionEndExcluding": "8.10.1253", "versionStartIncluding": "8.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFAE071C-1C1B-49A0-9ED9-5A245D4C127D", "versionEndExcluding": "8.20.1218", "versionStartIncluding": "8.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE22EE9E-C228-4C51-BD4E-E67F7C6118A6", "versionEndExcluding": "8.30.1299", "versionStartIncluding": "8.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1252:-:*:*:*:*:*:*", "matchCriteriaId": "60D924CC-E467-4CDC-9879-5C4CF7D59350", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1252:maintenance_release7:*:*:*:*:*:*", "matchCriteriaId": "2F6F0395-D22D-47AD-92E1-8A05FEB66C80", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1253:-:*:*:*:*:*:*", "matchCriteriaId": "930BFF65-C8F9-4CF2-BEF4-9D7DA65C6A02", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1253:maintenance_release6:*:*:*:*:*:*", "matchCriteriaId": "42B951CF-1EE2-4C83-9C34-8DC9800572CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1218:-:*:*:*:*:*:*", "matchCriteriaId": "B8C3278B-BBB3-43E5-AA9F-7575F5C815DD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:gallagher:command_centre:8.20.1218:maintenance_release4:*:*:*:*:*:*", "matchCriteriaId": "55231378-5292-43B2-90FE-6E6FE5FF18A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1299:-:*:*:*:*:*:*", "matchCriteriaId": "C9908088-8A0A-4CFA-B539-5B1266D27074", "vulnerable": true }, { "criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1299:maintenance_release2:*:*:*:*:*:*", "matchCriteriaId": "B5857DDB-BF50-4047-8698-1F15CF9EBBEF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions." 
}, { "lang": "es", "value": "Una vulnerabilidad de autenticaci\u00f3n inapropiada en Gallagher Command Center Server, permite a un atacante remoto no autenticado crear elementos con una configuraci\u00f3n no v\u00e1lida, causando potencialmente que el servidor se bloquee y que no vuelva a reiniciar.\u0026#xa0;Este problema afecta a: Gallagher Command Centre versiones 8.30 anteriores a 8.30.1299(MR2); versiones 8.20 anteriores a 8.20.1218(MR4); versiones 8.10 anteriores a 8.10.1253(MR6); versiones 8.00 anteriores a 8.00.1252(MR7); versi\u00f3n 7.90 y anteriores" } ], "id": "CVE-2020-16102", "lastModified": "2024-11-21T05:06:46.880", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "disclosures@gallagher.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", 
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-14T20:15:12.060", "references": [ { "source": "disclosures@gallagher.com", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16102" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16102" } ], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "disclosures@gallagher.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2021-23167 (GCVE-0-2021-23167)
Vulnerability from cvelistv5
Published
2021-11-18 18:00
Modified
2024-09-17 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4); version 8.20 and prior versions.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified ≤ 8.20 Version: 8.50 < 8.50.2048 (MR3) Version: 8.40 < 8.40.2063 (MR4) Version: 8.30 < 8.30.1454 (MR4) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:05:55.755Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23167" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "8.20", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.50.2048 (MR3)", "status": "affected", "version": "8.50", "versionType": "custom" }, { "lessThan": "8.40.2063 (MR4)", "status": "affected", "version": "8.40", "versionType": "custom" }, { "lessThan": "8.30.1454 (MR4)", "status": "affected", "version": "8.30", "versionType": "custom" } ] } ], "datePublic": "2021-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; version 8.20 and prior versions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-18T18:00:40", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23167" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "DATE_PUBLIC": "2021-11-15T07:34:00.000Z", "ID": "CVE-2021-23167", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.50", "version_value": "8.50.2048 (MR3)" }, { "version_affected": "\u003c", "version_name": "8.40", "version_value": "8.40.2063 (MR4)" }, { "version_affected": "\u003c", "version_name": "8.30", "version_value": "8.30.1454 (MR4)" }, { "version_affected": "\u003c=", "version_value": "8.20" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. 
This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; version 8.20 and prior versions." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-295 Improper Certificate Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23167", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23167" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2021-23167", "datePublished": "2021-11-18T18:00:40.281044Z", "dateReserved": "2021-01-26T00:00:00", "dateUpdated": "2024-09-17T02:05:57.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-16102 (GCVE-0-2020-16102)
Vulnerability from cvelistv5
Published
2020-12-14 19:26
Modified
2024-08-04 13:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified ≤ 7.90 Version: 8.30 < 8.30.1299(MR2) Version: 8.20 < 8.20.1218(MR4) Version: 8.10 < 8.10.1253(MR6) Version: 8.00 < 8.00.1252(MR7) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:53.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16102" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "7.90", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.30.1299(MR2)", "status": "affected", "version": "8.30", "versionType": "custom" }, { "lessThan": "8.20.1218(MR4)", "status": "affected", "version": "8.20", "versionType": "custom" }, { "lessThan": "8.10.1253(MR6)", "status": "affected", "version": "8.10", "versionType": "custom" }, { "lessThan": "8.00.1252(MR7)", "status": "affected", "version": "8.00", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-15T21:29:13", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16102" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2020-16102", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.30", "version_value": "8.30.1299(MR2)" }, { "version_affected": "\u003c", "version_name": "8.20", "version_value": "8.20.1218(MR4)" }, { "version_affected": "\u003c", "version_name": "8.10", "version_value": "8.10.1253(MR6)" }, { "version_affected": "\u003c", "version_name": "8.00", "version_value": "8.00.1252(MR7)" }, { "version_affected": "\u003c=", "version_value": "7.90" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. 
This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-287 Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16102", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16102" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2020-16102", "datePublished": "2020-12-14T19:26:18", "dateReserved": "2020-07-28T00:00:00", "dateUpdated": "2024-08-04T13:37:53.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21815 (GCVE-0-2024-21815)
Vulnerability from cvelistv5
Published
2024-03-05 03:09
Modified
2024-08-01 22:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all versions of 8.60 and prior.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre Server |
Version: 0 ≤ 8.60 Version: 9.00 < vEL9.00.1774 (MR2) Version: 8.90 < vEL8.90.1751 (MR3) Version: 8.80 < vEL8.80.1526 (MR4) Version: 8.70 < vEL8.70.2526 (MR6) |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21815", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-05T16:09:09.796526Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:38:15.343Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:27:36.314Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2024-21815" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Command Centre Server", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "8.60", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "vEL9.00.1774 (MR2)", "status": "affected", "version": "9.00", "versionType": "custom" }, { "lessThan": "vEL8.90.1751 (MR3)", "status": "affected", "version": "8.90", "versionType": "custom" }, { "lessThan": "vEL8.80.1526 (MR4)", "status": "affected", "version": "8.80", "versionType": "custom" }, { "lessThan": "vEL8.70.2526 (MR6)", "status": "affected", "version": "8.70", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOnly sites with DVR integrations are affected. \u003c/span\u003e\n\n\u003cbr\u003e" } ], "value": "\nOnly sites with DVR integrations are affected. 
\n\n\n" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. \u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u0026nbsp;all version of 8.60 and prior.\u003c/span\u003e\n\n\u003cp\u003e\u003c/p\u003e" } ], "value": "\nInsufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.\n\n\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-05T03:09:52.505Z", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "url": "https://security.gallagher.com/Security-Advisories/CVE-2024-21815" 
} ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2024-21815", "datePublished": "2024-03-05T03:09:52.505Z", "dateReserved": "2024-02-05T04:16:48.019Z", "dateUpdated": "2024-08-01T22:27:36.314Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-16098 (GCVE-0-2020-16098)
Vulnerability from cvelistv5
Published
2020-09-15 13:22
Modified
2024-08-04 13:37
CWE
- CWE-287 - Improper Authentication
Summary
It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified ≤ 7.90; Version: 8.20 < 8.20.1166(MR3); Version: 8.10 < 8.10.1211(MR5); Version: 8.00 < 8.00.1228(MR6) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:53.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16098" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "7.90", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.20.1166(MR3)", "status": "affected", "version": "8.20", "versionType": "custom" }, { "lessThan": "8.10.1211(MR5)", "status": "affected", "version": "8.10", "versionType": "custom" }, { "lessThan": "8.00.1228(MR6)", "status": "affected", "version": "8.00", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-15T13:22:55", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16098" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2020-16098", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.20", "version_value": "8.20.1166(MR3)" }, { "version_affected": "\u003c", "version_name": "8.10", "version_value": "8.10.1211(MR5)" }, { "version_affected": "\u003c", "version_name": "8.00", "version_value": "8.00.1228(MR6)" }, { "version_affected": "\u003c=", "version_value": "7.90" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. 
These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-287 Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16098", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16098" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2020-16098", "datePublished": "2020-09-15T13:22:55", "dateReserved": "2020-07-28T00:00:00", "dateUpdated": "2024-08-04T13:37:53.575Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-23197 (GCVE-0-2021-23197)
Vulnerability from cvelistv5
Published
2021-11-18 18:01
Modified
2024-09-16 18:17
CWE
- CWE-428 - Unquoted Search Path or Element
Summary
Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3).
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: 8.50 < 8.50.2048 (MR3) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:05:54.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23197" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThan": "8.50.2048 (MR3)", "status": "affected", "version": "8.50", "versionType": "custom" } ] } ], "datePublic": "2021-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-18T18:01:52", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23197" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "DATE_PUBLIC": "2021-11-15T07:34:00.000Z", "ID": "CVE-2021-23197", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { 
"product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.50", "version_value": "8.50.2048 (MR3)" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-428 Unquoted Search Path or Element" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23197", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23197" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2021-23197", "datePublished": "2021-11-18T18:01:52.750598Z", "dateReserved": "2021-01-26T00:00:00", "dateUpdated": "2024-09-16T18:17:45.291Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-26348 (GCVE-0-2022-26348)
Vulnerability from cvelistv5
Published
2022-07-06 16:29
Modified
2024-08-03 05:03
CWE
- CWE-89 - SQL Injection
Summary
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified ≤ 8.20; Version: 8.60 < 8.60.1652; Version: 8.50 < 8.50.2245; Version: 8.40 < 8.40.2216; Version: 8.30 < 8.30.1470 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:03:32.775Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "8.20", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.60.1652", "status": "affected", "version": "8.60", "versionType": "custom" }, { "lessThan": "8.50.2245", "status": "affected", "version": "8.50", "versionType": "custom" }, { "lessThan": "8.40.2216", "status": "affected", "version": "8.40", "versionType": "custom" }, { "lessThan": "8.30.1470", "status": "affected", "version": "8.30", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-06T16:29:59", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2022-26348", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.60", "version_value": "8.60.1652" }, { "version_affected": "\u003c", "version_name": "8.50", "version_value": "8.50.2245" }, { "version_affected": "\u003c", "version_name": "8.40", "version_value": "8.40.2216" }, { "version_affected": "\u003c", "version_name": "8.30", "version_value": "8.30.1470" }, { "version_affected": "\u003c=", "version_value": "8.20" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. 
The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89 SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2022-26348" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2022-26348", "datePublished": "2022-07-06T16:29:59", "dateReserved": "2022-03-04T00:00:00", "dateUpdated": "2024-08-03T05:03:32.775Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-23193 (GCVE-0-2021-23193)
Vulnerability from cvelistv5
Published
2021-11-18 18:02
Modified
2024-09-17 02:46
CWE
- CWE-200 - Information Exposure
Summary
Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4); 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified ≤ 8.10; Version: 8.50 < 8.50.2048 (MR3); Version: 8.40 < 8.40.2063 (MR4); Version: 8.30 < 8.30.1454 (MR4); Version: 8.20 < 8.20.1291 (MR6) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:05:55.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23193" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "8.10", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.50.2048 (MR3)", "status": "affected", "version": "8.50", "versionType": "custom" }, { "lessThan": "8.40.2063 (MR4)", "status": "affected", "version": "8.40", "versionType": "custom" }, { "lessThan": "8.30.1454 (MR4)", "status": "affected", "version": "8.30", "versionType": "custom" }, { "lessThan": "8.20.1291 (MR6)", "status": "affected", "version": "8.20", "versionType": "custom" } ] } ], "datePublic": "2021-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ; 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-18T18:02:43", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23193" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "DATE_PUBLIC": "2021-11-15T07:34:00.000Z", "ID": "CVE-2021-23193", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.50", "version_value": "8.50.2048 (MR3)" }, { "version_affected": "\u003c", "version_name": "8.40", "version_value": "8.40.2063 (MR4)" }, { "version_affected": "\u003c", "version_name": "8.30", "version_value": "8.30.1454 (MR4)" }, { "version_affected": "\u003c", "version_name": "8.20", "version_value": "8.20.1291 (MR6)" }, { "version_affected": "\u003c=", "version_value": "8.10" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the 
Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ; 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200 Information Exposure" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23193", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23193" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2021-23193", "datePublished": "2021-11-18T18:02:43.319367Z", "dateReserved": "2021-01-26T00:00:00", "dateUpdated": "2024-09-17T02:46:48.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-16097 (GCVE-0-2020-16097)
Vulnerability from cvelistv5
Published
2020-09-15 13:19
Modified
2024-08-04 13:37
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, it is possible to retrieve site keys used for securing MIFARE Plus and DESFire using debug ports on T Series readers.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified ≤ vGR7.80; Version: vCR8.20 < vCR8.20.200221b; Version: 8.10 < vGR8.10.179; Version: 8.00 < vGR8.00.165; Version: 7.90 < vGR7.90.1038 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:54.194Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16097" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "vGR7.80", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "vCR8.20.200221b", "status": "affected", "version": "vCR8.20", "versionType": "custom" }, { "lessThan": "vGR8.10.179", "status": "affected", "version": "8.10", "versionType": "custom" }, { "lessThan": "vGR8.00.165", "status": "affected", "version": "8.00", "versionType": "custom" }, { "lessThan": "vGR7.90.1038", "status": "affected", "version": "7.90", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Matthew Daley of Aura Information Security" } ], "descriptions": [ { "lang": "en", "value": "On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-15T13:19:56", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16097" } ], "source": { "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2020-16097", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "vCR8.20", "version_value": "vCR8.20.200221b" }, { "version_affected": "\u003c", "version_name": "8.10", "version_value": "vGR8.10.179" }, { "version_affected": "\u003c", "version_name": "8.00", "version_value": "vGR8.00.165" }, { "version_affected": "\u003c", "version_name": "7.90", "version_value": "vGR7.90.1038" }, { "version_affected": "\u003c=", "version_value": "vGR7.80" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "credit": [ { "lang": "eng", "value": "Matthew Daley of Aura Information Security" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 
(distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-522 Insufficiently Protected Credentials" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16097", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16097" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2020-16097", "datePublished": "2020-09-15T13:19:56", "dateReserved": "2020-07-28T00:00:00", "dateUpdated": "2024-08-04T13:37:54.194Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22428 (GCVE-0-2023-22428)
Vulnerability from cvelistv5
Published
2023-07-24 22:44
Modified
2024-10-17 13:03
CWE
- CWE-285 - Improper Authorization
Summary
Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.
This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: vEL8.80 < 1192 Version: vEL8.70 < 2185 Version: vEL8.60 < 2347 Version: vEL8.50 < 2831 Version: vEL8.40 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:06.597Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22428", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-17T13:01:25.608720Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-17T13:03:53.687Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThan": "1192", "status": "affected", "version": "vEL8.80", "versionType": "custom" }, { "lessThan": "2185", "status": "affected", "version": "vEL8.70", "versionType": "custom" }, { "lessThan": "2347", "status": "affected", "version": "vEL8.60", "versionType": "custom" }, { "lessThan": "2831", "status": "affected", "version": "vEL8.50", "versionType": "custom" }, { "status": "affected", "version": "vEL8.40" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.\u003c/p\u003e" } ], "value": "\nImproper privilege validation in Command Centre Server allows authenticated operators to modify 
Division lineage.\n\nThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior.\n\n" } ], "impacts": [ { "capecId": "CAPEC-122", "descriptions": [ { "lang": "en", "value": "CAPEC-122 Privilege Abuse" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-24T22:44:15.816Z", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22428" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2023-22428", "datePublished": "2023-07-24T22:44:15.816Z", "dateReserved": "2023-02-03T20:38:05.249Z", "dateUpdated": "2024-10-17T13:03:53.687Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23568 (GCVE-0-2023-23568)
Vulnerability from cvelistv5
Published
2023-07-25 01:31
Modified
2024-10-17 13:05
CWE
- CWE-285 - Improper Authorization
Summary
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.
This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: vEL8.90 < 1318 Version: vEL8.80 < 1192 Version: vEL8.70 < 2185 Version: vEL8.60 < 2347 Version: vEL8.50 < 2831 Version: vEL8.40 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.024Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-23568", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-17T13:01:07.162966Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-17T13:05:39.755Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThan": "1318", "status": "affected", "version": "vEL8.90", "versionType": "custom" }, { "lessThan": "1192", "status": "affected", "version": "vEL8.80", "versionType": "custom" }, { "lessThan": "2185", "status": "affected", "version": "vEL8.70", "versionType": "custom" }, { "lessThan": "2347", "status": "affected", "version": "vEL8.60", "versionType": "custom" }, { "lessThan": "2831", "status": "affected", "version": "vEL8.50", "versionType": "custom" }, { "status": "affected", "version": "vEL8.40" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre: vEL\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 
(MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior\u003c/span\u003e\n\n\u003c/p\u003e" } ], "value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.\n\nThis issue affects Command Centre: vEL\n\n8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), \n\nvEL8.70 prior to \n\nvEL8.70.2185 (MR4), \n\nvEL8.60 prior to \n\nvEL8.60.2347 (MR6), \n\nvEL8.50 prior to \n\nvEL8.50.2831 (MR8), all versions \n\nvEL8.40 and prior\n\n\n\n" } ], "impacts": [ { "capecId": "CAPEC-122", "descriptions": [ { "lang": "en", "value": "CAPEC-122 Privilege Abuse" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-25T01:31:59.175Z", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-23568" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2023-23568", "datePublished": "2023-07-25T01:31:59.175Z", "dateReserved": "2023-02-03T20:38:05.273Z", "dateUpdated": "2024-10-17T13:05:39.755Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-23136 (GCVE-0-2021-23136)
Vulnerability from cvelistv5
Published
2021-06-11 15:46
Modified
2024-08-03 18:58
CWE
- CWE-285 - Improper Authorization
Summary
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified ≤ 8.10 Version: 8.40 < 8.40.1888 (MR3) Version: 8.30 < 8.30.1359 (MR3) Version: 8.20 < 8.20.1259 (MR5) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:58:26.366Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23136" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "8.10", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.40.1888 (MR3)", "status": "affected", "version": "8.40", "versionType": "custom" }, { "lessThan": "8.30.1359 (MR3)", "status": "affected", "version": "8.30", "versionType": "custom" }, { "lessThan": "8.20.1259 (MR5)", "status": "affected", "version": "8.20", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T15:46:00", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23136" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2021-23136", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.40", "version_value": "8.40.1888 (MR3)" }, { "version_affected": "\u003c", "version_name": "8.30", "version_value": "8.30.1359 (MR3)" }, { "version_affected": "\u003c", "version_name": "8.20", "version_value": "8.20.1259 (MR5)" }, { "version_affected": "\u003c=", "version_value": "8.10" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. 
This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285 Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23136", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23136" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2021-23136", "datePublished": "2021-06-11T15:46:00", "dateReserved": "2021-01-26T00:00:00", "dateUpdated": "2024-08-03T18:58:26.366Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22439 (GCVE-0-2023-22439)
Vulnerability from cvelistv5
Published
2023-12-18 21:58
Modified
2024-08-02 10:07
CWE
- CWE-20 - Improper Input Validation
Summary
Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface.
This issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Controller 6000/ Controller 7000 |
Version: 0 ≤ 8.50 Version: 8.90 < vCR8.90.231204a Version: 8.80 < vCR8.80.231204a Version: 8.70 < vCR8.70.231204a Version: 8.60 < vCR8.60.231116a |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:06.573Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-22439" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Controller 6000/ Controller 7000", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "8.50", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "vCR8.90.231204a", "status": "affected", "version": "8.90", "versionType": "custom" }, { "lessThan": "vCR8.80.231204a", "status": "affected", "version": "8.80", "versionType": "custom" }, { "lessThan": "vCR8.70.231204a", "status": "affected", "version": "8.70", "versionType": "custom" }, { "lessThan": "vCR8.60.231116a", "status": "affected", "version": "8.60", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Sebastian Toscano of Amazon Security" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Kevin Schaller of Amazon Security" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper input validation of a large HTTP request in the Controller 6000 and Controller 7000\u003c/span\u003e\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eoptional\u003c/span\u003e\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ediagnostic web interface (Port 80)\u003c/span\u003e\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecan be used to perform a Denial of Service of the 
diagnostic web interface.\u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.\u003c/span\u003e\n\n" } ], "value": "\nImproper input validation of a large HTTP request in the Controller 6000 and Controller 7000\u00a0optional\u00a0diagnostic web interface (Port 80)\u00a0can be used to perform a Denial of Service of the diagnostic web interface.\n\nThis issue affects: Gallagher Controller 6000 and 7000 8.90 prior to vCR8.90.231204a (distributed in 8.90.1620 (MR2)), 8.80 prior to vCR8.80.231204a (distributed in 8.80.1369 (MR3)), 8.70 prior to vCR8.70.231204a (distributed in 8.70.2375 (MR5)), 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T21:58:41.026Z", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-22439" } ], "source": { "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": 
"0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2023-22439", "datePublished": "2023-12-18T21:58:41.026Z", "dateReserved": "2023-02-03T20:38:05.234Z", "dateUpdated": "2024-08-02T10:07:06.573Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-7215 (GCVE-0-2020-7215)
Vulnerability from cvelistv5
Published
2020-01-20 05:32
Modified
2024-08-04 09:25
CWE
- n/a
Summary
An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the 'view events' privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T09:25:48.421Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/cve-2020-7215" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the \u0027view events\u0027 privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-20T05:32:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/cve-2020-7215" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7215", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). 
External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the \u0027view events\u0027 privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/cve-2020-7215", "refsource": "MISC", "url": "https://security.gallagher.com/cve-2020-7215" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-7215", "datePublished": "2020-01-20T05:32:30", "dateReserved": "2020-01-16T00:00:00", "dateUpdated": "2024-08-04T09:25:48.421Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-16099 (GCVE-0-2020-16099)
Vulnerability from cvelistv5
Published
2020-09-15 13:17
Modified
2024-08-04 13:37
CWE
- CWE-20 - Improper Input Validation
Summary
In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: 8.20 < 8.20.1093(MR2) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:53.440Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16099" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThan": "8.20.1093(MR2)", "status": "affected", "version": "8.20", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-15T13:17:49", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16099" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2020-16099", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": 
"8.20", "version_value": "8.20.1093(MR2)" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16099", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16099" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2020-16099", "datePublished": "2020-09-15T13:17:49", "dateReserved": "2020-07-28T00:00:00", "dateUpdated": "2024-08-04T13:37:53.440Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-16100 (GCVE-0-2020-16100)
Vulnerability from cvelistv5
Published
2020-09-15 13:21
Modified
2024-08-04 13:37
CWE
- CWE-404 - Improper Resource Shutdown or Release
Summary
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified ≤ 7.90 Version: 8.20 < 8.20.1166 (MR3) Version: 8.10 < 8.10.1211 (MR5) Version: 8.00 < 8.00.1228 (MR6) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:53.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16100" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "7.90", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.20.1166 (MR3)", "status": "affected", "version": "8.20", "versionType": "custom" }, { "lessThan": "8.10.1211 (MR5)", "status": "affected", "version": "8.10", "versionType": "custom" }, { "lessThan": "8.00.1228 (MR6)", "status": "affected", "version": "8.00", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service\u0027s DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-404", "description": "CWE-404 Improper Resource Shutdown or Release", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-15T13:21:59", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16100" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2020-16100", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.20", "version_value": "8.20.1166 (MR3)" }, { "version_affected": "\u003c", "version_name": "8.10", "version_value": "8.10.1211 (MR5)" }, { "version_affected": "\u003c", "version_name": "8.00", "version_value": "8.00.1228 (MR6)" }, { "version_affected": "\u003c=", "version_value": "7.90" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service\u0027s DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. 
Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-404 Improper Resource Shutdown or Release" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16100", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16100" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2020-16100", "datePublished": "2020-09-15T13:21:59", "dateReserved": "2020-07-28T00:00:00", "dateUpdated": "2024-08-04T13:37:53.246Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-16101 (GCVE-0-2020-16101)
Vulnerability from cvelistv5
Published
2020-09-15 13:25
Modified
2024-08-04 13:37
CWE
- CWE-805 - Buffer Access with Incorrect Length Value
Summary
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified ≤ 7.90 Version: 8.20 < 8.20.1166 (MR3) Version: 8.10 < 8.10.1211 (MR5) Version: 8.00 < 8.00.1228 (MR6) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:53.251Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16101" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "7.90", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.20.1166 (MR3)", "status": "affected", "version": "8.20", "versionType": "custom" }, { "lessThan": "8.10.1211 (MR5)", "status": "affected", "version": "8.10", "versionType": "custom" }, { "lessThan": "8.00.1228 (MR6)", "status": "affected", "version": "8.00", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-805", "description": "CWE-805 Buffer Access with Incorrect Length Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-15T13:25:28", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16101" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2020-16101", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.20", "version_value": "8.20.1166 (MR3)" }, { "version_affected": "\u003c", "version_name": "8.10", "version_value": "8.10.1211 (MR5)" }, { "version_affected": "\u003c", "version_name": "8.00", "version_value": "8.00.1228 (MR6)" }, { "version_affected": "\u003c=", "version_value": "7.90" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-805 Buffer Access with Incorrect Length Value" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16101", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16101" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2020-16101", "datePublished": "2020-09-15T13:25:28", "dateReserved": "2020-07-28T00:00:00", "dateUpdated": "2024-08-04T13:37:53.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-16104 (GCVE-0-2020-16104)
Vulnerability from cvelistv5
Published
2020-12-14 19:23
Modified
2024-08-04 13:37
Severity
8.2 (HIGH) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
CWE
- CWE-89 - SQL Injection
Summary
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions.
References
URL | Tags
---|---
https://security.gallagher.com/Security-Advisories/CVE-2020-16104 | x_refsource_MISC
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified <= 7.90 Version: 8.30 < 8.30.1236(MR1) Version: 8.20 < 8.20.1166(MR3) Version: 8.10 < 8.10.1211(MR5) Version: 8.00 < 8.00.1228(MR6) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:54.203Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16104" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "7.90", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.30.1236(MR1)", "status": "affected", "version": "8.30", "versionType": "custom" }, { "lessThan": "8.20.1166(MR3)", "status": "affected", "version": "8.20", "versionType": "custom" }, { "lessThan": "8.10.1211(MR5)", "status": "affected", "version": "8.10", "versionType": "custom" }, { "lessThan": "8.00.1228(MR6)", "status": "affected", "version": "8.00", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with \u0027Edit Enterprise Data Interfaces\u0027 privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-14T19:23:30", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16104" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2020-16104", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.30", "version_value": "8.30.1236(MR1)" }, { "version_affected": "\u003c", "version_name": "8.20", "version_value": "8.20.1166(MR3)" }, { "version_affected": "\u003c", "version_name": "8.10", "version_value": "8.10.1211(MR5)" }, { "version_affected": "\u003c", "version_name": "8.00", "version_value": "8.00.1228(MR6)" }, { "version_affected": "\u003c=", "version_value": "7.90" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with \u0027Edit Enterprise Data Interfaces\u0027 privilege to execute arbitrary SQL against a third party database if EDI is configured 
to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89 SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16104", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16104" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2020-16104", "datePublished": "2020-12-14T19:23:30", "dateReserved": "2020-07-28T00:00:00", "dateUpdated": "2024-08-04T13:37:54.203Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-23140 (GCVE-0-2021-23140)
Vulnerability from cvelistv5
Published
2021-06-11 15:46
Modified
2024-08-03 18:58
Severity
9.9 (CRITICAL) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
CWE
- CWE-285 - Improper Authorization
Summary
Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.
References
URL | Tags
---|---
https://security.gallagher.com/Security-Advisories/CVE-2021-23140 | x_refsource_MISC
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified <= 8.10 Version: 8.40 < 8.40.1888 (MR3) Version: 8.30 < 8.30.1359 (MR3) Version: 8.20 < 8.20.1259 (MR5) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:58:26.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23140" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "8.10", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.40.1888 (MR3)", "status": "affected", "version": "8.40", "versionType": "custom" }, { "lessThan": "8.30.1359 (MR3)", "status": "affected", "version": "8.30", "versionType": "custom" }, { "lessThan": "8.20.1259 (MR5)", "status": "affected", "version": "8.20", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T15:46:01", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23140" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2021-23140", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.40", "version_value": "8.40.1888 (MR3)" }, { "version_affected": "\u003c", "version_name": "8.30", "version_value": "8.30.1359 (MR3)" }, { "version_affected": "\u003c", "version_name": "8.20", "version_value": "8.20.1259 (MR5)" }, { "version_affected": "\u003c=", "version_value": "8.10" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. 
This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285 Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23140", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23140" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2021-23140", "datePublished": "2021-06-11T15:46:01", "dateReserved": "2021-01-26T00:00:00", "dateUpdated": "2024-08-03T18:58:26.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-23205 (GCVE-0-2021-23205)
Vulnerability from cvelistv5
Published
2021-06-11 15:46
Modified
2024-08-03 19:05
Severity
8.1 (HIGH) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Summary
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.
References
URL | Tags
---|---
https://security.gallagher.com/Security-Advisories/CVE-2021-23205 | x_refsource_MISC
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified <= 8.10 Version: 8.40 < 8.40.1888 (MR3) Version: 8.30 < 8.30.1359 (MR3) Version: 8.20 < 8.20.1259 (MR5) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:05:55.672Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23205" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "8.10", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.40.1888 (MR3)", "status": "affected", "version": "8.40", "versionType": "custom" }, { "lessThan": "8.30.1359 (MR3)", "status": "affected", "version": "8.30", "versionType": "custom" }, { "lessThan": "8.20.1259 (MR5)", "status": "affected", "version": "8.20", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T15:46:01", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23205" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2021-23205", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.40", "version_value": "8.40.1888 (MR3)" }, { "version_affected": "\u003c", "version_name": "8.30", "version_value": "8.30.1359 (MR3)" }, { "version_affected": "\u003c", "version_name": "8.20", "version_value": "8.20.1259 (MR5)" }, { "version_affected": "\u003c=", "version_value": "8.10" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. 
This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-116 Improper Encoding or Escaping of Output" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23205", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23205" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2021-23205", "datePublished": "2021-06-11T15:46:01", "dateReserved": "2021-01-26T00:00:00", "dateUpdated": "2024-08-03T19:05:55.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-16096 (GCVE-0-2020-16096)
Vulnerability from cvelistv5
Published
2020-09-15 13:24
Modified
2024-08-04 13:37
Severity
9.9 (CRITICAL) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE
- CWE-285 - Improper Authorization
Summary
In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components.
References
URL | Tags
---|---
https://security.gallagher.com/Security-Advisories/CVE-2020-16096 | x_refsource_MISC
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified <= 7.70 Version: 8.10 < 8.10.1134(MR4) Version: 8.00 < 8.00.1161(MR5) Version: 7.90 < 7.90.991(MR5) Version: 7.80 < 7.80.960(MR2) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:53.427Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16096" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "7.70", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.10.1134(MR4)", "status": "affected", "version": "8.10", "versionType": "custom" }, { "lessThan": "8.00.1161(MR5)", "status": "affected", "version": "8.00", "versionType": "custom" }, { "lessThan": "7.90.991(MR5)", "status": "affected", "version": "7.90", "versionType": "custom" }, { "lessThan": "7.80.960(MR2)", "status": "affected", "version": "7.80", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-15T13:24:15", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16096" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2020-16096", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.10", "version_value": "8.10.1134(MR4)" }, { "version_affected": "\u003c", "version_name": "8.00", "version_value": "8.00.1161(MR5)" }, { "version_affected": "\u003c", "version_name": "7.90", "version_value": "7.90.991(MR5)" }, { "version_affected": "\u003c", "version_name": "7.80", "version_value": "7.80.960(MR2)" }, { "version_affected": "\u003c=", "version_value": "7.70" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be 
replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285 Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16096", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16096" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2020-16096", "datePublished": "2020-09-15T13:24:15", "dateReserved": "2020-07-28T00:00:00", "dateUpdated": "2024-08-04T13:37:53.427Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-23146 (GCVE-0-2021-23146)
Vulnerability from cvelistv5
Published
2021-11-18 17:59
Modified
2024-09-17 02:41
Severity
7.1 (HIGH) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
CWE
- CWE-1023 - Incomplete Comparison with Missing Factors
Summary
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.
References
URL | Tags
---|---
https://security.gallagher.com/Security-Advisories/CVE-2021-23146 | x_refsource_MISC
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Center |
Version: 8.40 prior to 8.40.1888 (MR3) Version: 8.30 prior to 8.30.1359 (MR3) Version: 8.20 prior to 8.20.1259 (MR5) Version: 8.10 prior to 8.10.1284 (MR7) Version: 8.00 and prior |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:58:26.429Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23146" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Center", "vendor": "Gallagher", "versions": [ { "status": "affected", "version": "8.40 prior to 8.40.1888 (MR3)" }, { "status": "affected", "version": "8.30 prior to 8.30.1359 (MR3)" }, { "status": "affected", "version": "8.20 prior to 8.20.1259 (MR5)" }, { "status": "affected", "version": "8.10 prior to 8.10.1284 (MR7)" }, { "status": "affected", "version": "8.00 and prior" } ] } ], "datePublic": "2021-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1023", "description": "CWE-1023", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-29T16:55:25", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23146" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "DATE_PUBLIC": "2021-11-15T07:34:00.000Z", "ID": "CVE-2021-23146", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Center", "version": { "version_data": [ { "version_value": "8.40 prior to 8.40.1888 (MR3)" }, { "version_value": "8.30 prior to 8.30.1359 (MR3)" }, { "version_value": "8.20 prior to 8.20.1259 (MR5)" }, { "version_value": "8.10 prior to 8.10.1284 (MR7)" }, { "version_value": "8.00 and prior" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-1023" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23146", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23146" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2021-23146", "datePublished": "2021-11-18T17:59:56.770636Z", "dateReserved": "2021-01-26T00:00:00", "dateUpdated": "2024-09-17T02:41:22.754Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-19802 (GCVE-0-2019-19802)
Vulnerability from cvelistv5
Published
2020-01-17 02:00
Modified
2024-08-05 02:25
CWE
- n/a
Summary
In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied.
References
URL | Tags
---|---
https://security.gallagher.com/cve-2019-19802 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:25:12.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.gallagher.com/cve-2019-19802" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-17T02:00:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.gallagher.com/cve-2019-19802" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19802", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/cve-2019-19802", "refsource": "CONFIRM", "url": "https://security.gallagher.com/cve-2019-19802" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19802", "datePublished": "2020-01-17T02:00:30", "dateReserved": "2019-12-15T00:00:00", "dateUpdated": "2024-08-05T02:25:12.701Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-15294 (GCVE-0-2019-15294)
Vulnerability from cvelistv5
Published
2019-08-28 11:06
Modified
2024-08-05 00:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file.
References
► | URL | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:42:03.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/security-advisories" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.gallagher.com/CVE-2019-15294" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-28T11:06:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/security-advisories" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.gallagher.com/CVE-2019-15294" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15294", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). 
Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/security-advisories", "refsource": "MISC", "url": "https://security.gallagher.com/security-advisories" }, { "name": "https://security.gallagher.com/CVE-2019-15294", "refsource": "CONFIRM", "url": "https://security.gallagher.com/CVE-2019-15294" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15294", "datePublished": "2019-08-28T11:06:01", "dateReserved": "2019-08-21T00:00:00", "dateUpdated": "2024-08-05T00:42:03.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23576 (GCVE-0-2023-23576)
Vulnerability from cvelistv5
Published
2023-12-18 21:59
Modified
2024-08-02 10:35
Severity
CVSS v3.1 base score 4.3 (MEDIUM), CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-696 - Incorrect Behavior Order
Summary
Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision.
This issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre Server |
Version: 0 <= 8.50 Version: 8.90 < 8.90.1620 (MR2) Version: 8.80 < 8.80.1369 (MR3) Version: 8.70 < 8.70.2375 (MR5) Version: 8.60 < 8.60.2550 (MR7) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Command Centre Server", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "8.50", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "8.90.1620 (MR2)", "status": "affected", "version": "8.90", "versionType": "custom" }, { "lessThan": "8.80.1369 (MR3)", "status": "affected", "version": "8.80", "versionType": "custom" }, { "lessThan": "8.70.2375 (MR5)", "status": "affected", "version": "8.70", "versionType": "custom" }, { "lessThan": "8.60.2550 (MR7)", "status": "affected", "version": "8.60", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.\u003c/span\u003e\n\n" } ], "value": "\nIncorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. 
\n\nThis issue affects: Gallagher Command Centre: 8.90 prior to vEL8.90.1620 (MR2), 8.80 prior to vEL8.80.1369 (MR3), 8.70 prior to vEL8.70.2375 (MR5), 8.60 prior to vEL8.60.2550 (MR7), all versions of 8.50 and prior.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-696", "description": "CWE-696: Incorrect Behavior Order", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T21:59:38.164Z", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23576" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2023-23576", "datePublished": "2023-12-18T21:59:38.164Z", "dateReserved": "2023-02-03T20:38:05.225Z", "dateUpdated": "2024-08-02T10:35:33.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23584 (GCVE-0-2023-23584)
Vulnerability from cvelistv5
Published
2023-12-18 21:59
Modified
2024-08-02 10:35
Severity
CVSS v3.1 base score 4.3 (MEDIUM), CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-204 - Observable Response Discrepancy
Summary
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable.
This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all versions of 8.50 and prior.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre Server |
Version: 0 <= 8.50 Version: 8.70 < 8.70.1787 (MR2) Version: 8.60 < 8.60.2039 (MR4) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.268Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23584" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Command Centre Server", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "8.50", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "8.70.1787 (MR2)", "status": "affected", "version": "8.70", "versionType": "custom" }, { "lessThan": "8.60.2039 (MR4)", "status": "affected", "version": "8.60", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.\u003c/span\u003e\n\n" } ], "value": "\nAn observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. 
\n\nThis issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-204", "description": "CWE-204: Observable Response Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T21:59:58.271Z", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23584" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2023-23584", "datePublished": "2023-12-18T21:59:58.271Z", "dateReserved": "2023-02-03T20:38:05.261Z", "dateUpdated": "2024-08-02T10:35:33.268Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-23230 (GCVE-0-2021-23230)
Vulnerability from cvelistv5
Published
2021-06-11 15:46
Modified
2024-08-03 19:05
Severity
CVSS v3.1 base score 9.9 (CRITICAL), CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified <= 8.00 Version: 8.40 < 8.40.1888 (MR3) Version: 8.30 < 8.30.1359 (MR3) Version: 8.20 < 8.20.1259 (MR5) Version: 8.10 < 8.10.1284 (MR7) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:05:55.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23230" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "8.00", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.40.1888 (MR3)", "status": "affected", "version": "8.40", "versionType": "custom" }, { "lessThan": "8.30.1359 (MR3)", "status": "affected", "version": "8.30", "versionType": "custom" }, { "lessThan": "8.20.1259 (MR5)", "status": "affected", "version": "8.20", "versionType": "custom" }, { "lessThan": "8.10.1284 (MR7)", "status": "affected", "version": "8.10", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T15:46:01", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23230" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2021-23230", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.40", "version_value": "8.40.1888 (MR3)" }, { "version_affected": "\u003c", "version_name": "8.30", "version_value": "8.30.1359 (MR3)" }, { "version_affected": "\u003c", "version_name": "8.20", "version_value": "8.20.1259 (MR5)" }, { "version_affected": "\u003c", "version_name": "8.10", "version_value": "8.10.1284 (MR7)" }, { "version_affected": "\u003c=", "version_value": "8.00" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. 
This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89 SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23230", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23230" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2021-23230", "datePublished": "2021-06-11T15:46:01", "dateReserved": "2021-01-26T00:00:00", "dateUpdated": "2024-08-03T19:05:55.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-16103 (GCVE-0-2020-16103)
Vulnerability from cvelistv5
Published
2020-12-14 19:34
Modified
2024-08-04 13:37
Severity
CVSS v3.1 base score 8.8 (HIGH), CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-704 - Incorrect Type Conversion or Cast
Summary
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: unspecified <= 8.00 Version: 8.30 < 8.30.1236(MR1) Version: 8.20 < 8.20.1166(MR3) Version: 8.10 < 8.10.1211(MR5) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:53.487Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16103" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "8.00", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "8.30.1236(MR1)", "status": "affected", "version": "8.30", "versionType": "custom" }, { "lessThan": "8.20.1166(MR3)", "status": "affected", "version": "8.20", "versionType": "custom" }, { "lessThan": "8.10.1211(MR5)", "status": "affected", "version": "8.10", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-704", "description": "CWE-704 Incorrect Type Conversion or Cast", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-14T19:34:42", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16103" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2020-16103", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.30", "version_value": "8.30.1236(MR1)" }, { "version_affected": "\u003c", "version_name": "8.20", "version_value": "8.20.1166(MR3)" }, { "version_affected": "\u003c", "version_name": "8.10", "version_value": "8.10.1211(MR5)" }, { "version_affected": "\u003c=", "version_value": "8.00" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. 
This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-704 Incorrect Type Conversion or Cast" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16103", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16103" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2020-16103", "datePublished": "2020-12-14T19:34:42", "dateReserved": "2020-07-28T00:00:00", "dateUpdated": "2024-08-04T13:37:53.487Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-22363 (GCVE-0-2023-22363)
Vulnerability from cvelistv5
Published
2023-07-24 23:09
Modified
2024-10-17 13:04
Severity
CVSS v3.1 base score 6.5 (MEDIUM), CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-121 - Stack-based buffer overflow
Summary
A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.
This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: vEL8.80 < 1192 (build number; per the summary, vEL8.80 releases prior to vEL8.80.1192 (MR2)) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:07:06.215Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22363", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-17T13:01:12.969143Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-17T13:04:52.691Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThan": "1192", "status": "affected", "version": "vEL8.80", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\u003c/p\u003e" } ], "value": "\nA stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.\n\nThis issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2)\n\n" } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": 
"MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based buffer overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-24T23:09:14.127Z", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-22363" } ], "source": { "discovery": "INTERNAL" }, "title": "Access Zone stack overflow", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2023-22363", "datePublished": "2023-07-24T23:09:14.127Z", "dateReserved": "2023-02-03T20:38:05.254Z", "dateUpdated": "2024-10-17T13:04:52.691Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-19801 (GCVE-0-2019-19801)
Vulnerability from cvelistv5
Published
2020-01-17 01:55
Modified
2024-08-05 02:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:25:12.932Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.gallagher.com/cve-2019-19801" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-17T01:55:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.gallagher.com/cve-2019-19801" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19801", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/cve-2019-19801", "refsource": "CONFIRM", "url": "https://security.gallagher.com/cve-2019-19801" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19801", "datePublished": "2020-01-17T01:55:00", "dateReserved": "2019-12-15T00:00:00", "dateUpdated": "2024-08-05T02:25:12.932Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-23204 (GCVE-0-2021-23204)
Vulnerability from cvelistv5
Published
2021-06-11 15:46
Modified
2024-08-03 19:05
Severity
CVSS v3.1 base score 8.1 (HIGH), CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3).
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: 8.40 < 8.40.1888 (MR3) Version: 8.30 < 8.30.1359 (MR3) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:05:54.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23204" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThan": "8.40.1888 (MR3)", "status": "affected", "version": "8.40", "versionType": "custom" }, { "lessThan": "8.30.1359 (MR3)", "status": "affected", "version": "8.30", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T15:46:01", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23204" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2021-23204", "STATE": 
"PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.40", "version_value": "8.40.1888 (MR3)" }, { "version_affected": "\u003c", "version_name": "8.30", "version_value": "8.30.1359 (MR3)" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3)." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200 Information Exposure" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23204", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23204" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2021-23204", "datePublished": "2021-06-11T15:46:01", "dateReserved": "2021-01-26T00:00:00", "dateUpdated": "2024-08-03T19:05:54.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-12492 (GCVE-0-2019-12492)
Vulnerability from cvelistv5
Published
2019-06-06 19:29
Modified
2024-08-04 23:24
CWE
- n/a
Summary
Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:24:37.855Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.gallagher.com/CVE-2019-12492" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.gallagher.com/security-advisories" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-06-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-06T19:29:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.gallagher.com/CVE-2019-12492" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.gallagher.com/security-advisories" } ], "source": { "discovery": "INTERNAL" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12492", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service 
and FT Controller Service services." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/CVE-2019-12492", "refsource": "CONFIRM", "url": "https://security.gallagher.com/CVE-2019-12492" }, { "name": "https://security.gallagher.com/security-advisories", "refsource": "CONFIRM", "url": "https://security.gallagher.com/security-advisories" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12492", "datePublished": "2019-06-06T19:29:20", "dateReserved": "2019-05-30T00:00:00", "dateUpdated": "2024-08-04T23:24:37.855Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-23182 (GCVE-0-2021-23182)
Vulnerability from cvelistv5
Published
2021-06-11 15:46
Modified
2024-08-03 19:05
CWE
- CWE-316 - Cleartext Storage of Sensitive Information in Memory
Summary
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: 8.30 Version: 8.40 < 8.40.1888 (MR3) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:05:55.917Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23182" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "status": "affected", "version": "8.30" }, { "lessThan": "8.40.1888 (MR3)", "status": "affected", "version": "8.40", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-316", "description": "CWE-316", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T15:46:01", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23182" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2021-23182", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { 
"product_name": "Command Centre", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "8.40", "version_value": "8.40.1888 (MR3)" }, { "version_affected": "=", "version_value": "8.30" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-316" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23182", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23182" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2021-23182", "datePublished": "2021-06-11T15:46:01", "dateReserved": "2021-01-26T00:00:00", "dateUpdated": "2024-08-03T19:05:55.917Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-25074 (GCVE-0-2023-25074)
Vulnerability from cvelistv5
Published
2023-07-24 23:05
Modified
2024-10-17 13:04
CWE
- CWE-285 - Improper Authorization
Summary
Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.
This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: vEL8.40 Version: vEL8.50 < 2831 Version: vEL8.60 < 2347 Version: vEL8.70 < 2185 Version: vEL8.80 < 1192 Version: vEL8.90 < 1318 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:11:44.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-25074", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-17T13:01:17.838609Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-17T13:04:13.832Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "status": "affected", "version": "vEL8.40" }, { "lessThan": "2831", "status": "affected", "version": "vEL8.50", "versionType": "custom" }, { "lessThan": "2347", "status": "affected", "version": "vEL8.60", "versionType": "custom" }, { "lessThan": "2185", "status": "affected", "version": "vEL8.70", "versionType": "custom" }, { "lessThan": "1192", "status": "affected", "version": "vEL8.80", "versionType": "custom" }, { "lessThan": "1318", "status": "affected", "version": "vEL8.90", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.\u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\n\nThis issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), \n\n\u003cspan 
style=\"background-color: rgb(255, 255, 255);\"\u003evEL8.60 prior to vEL8.60.2347 (MR6),\u003c/span\u003e\n\nvEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.\u003cbr\u003e\u003c/p\u003e" } ], "value": "\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.\n\n\n\n\n\n\nThis issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), \n\nvEL8.60 prior to vEL8.60.2347 (MR6),\n\nvEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.\n\n\n" } ], "impacts": [ { "capecId": "CAPEC-122", "descriptions": [ { "lang": "en", "value": "CAPEC-122 Privilege Abuse" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-27T05:39:07.574Z", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2023-25074" } ], "source": { "discovery": "INTERNAL" }, "title": "Competency access levels not enforced in the server", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2023-25074", "datePublished": "2023-07-24T23:05:24.657Z", "dateReserved": "2023-02-03T20:38:05.215Z", 
"dateUpdated": "2024-10-17T13:04:13.832Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21838 (GCVE-0-2024-21838)
Vulnerability from cvelistv5
Published
2024-03-05 03:11
Modified
2024-08-01 22:27
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre.
This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all versions of 8.60 and prior.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre Server |
Version: 0 <= 8.60 Version: 9.00 < vEL9.00.1774 (MR2) Version: 8.90 < vEL8.90.1751 (MR3) Version: 8.80 < vEL8.80.1526 (MR4) Version: 8.70 < vEL8.70.2526 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21838", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-05T15:42:22.095197Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:38:11.847Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:27:36.320Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Command Centre Server", "vendor": "Gallagher ", "versions": [ { "lessThanOrEqual": "8.60", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "vEL9.00.1774 (MR2)", "status": "affected", "version": "9.00", "versionType": "custom" }, { "lessThan": "vEL8.90.1751 (MR3)", "status": "affected", "version": "8.90", "versionType": "custom" }, { "lessThan": "vEL8.80.1526 (MR4)", "status": "affected", "version": "8.80", "versionType": "custom" }, { "lessThan": "vEL8.70.2526", "status": "affected", "version": "8.70", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOnly sites making use of Command Centre to send emails are affected. \u003c/span\u003e\n\n\u003cbr\u003e" } ], "value": "\nOnly sites making use of Command Centre to send emails are affected. 
\n\n\n" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. \u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u0026nbsp;all version of 8.60 and prior.\u003c/span\u003e\n\n\u003cp\u003e\u003c/p\u003e" } ], "value": "\nImproper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.\n\n\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-05T03:11:55.586Z", "orgId": 
"0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2024-21838", "datePublished": "2024-03-05T03:11:55.586Z", "dateReserved": "2024-02-05T04:16:47.986Z", "dateUpdated": "2024-08-01T22:27:36.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23570 (GCVE-0-2023-23570)
Vulnerability from cvelistv5
Published
2023-12-18 21:59
Modified
2024-11-27 20:27
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Summary
Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior.
This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: 0 <= 8.80 Version: 8.90 <= 8.90.1620 (MR2) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.408Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-23570", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:27:10.315759Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T20:27:18.000Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "8.80", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "8.90.1620 (MR2)", "status": "affected", "version": "8.90", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eClient-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Command Centre \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e8.90 prior to vEL8.90.1620 (MR2), \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eall versions of 8.80 and prior.\u003c/span\u003e\n\n" } ], "value": "\nClient-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. 
\n\nThis issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-602", "description": "CWE-602: Client-Side Enforcement of Server-Side Security", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T21:59:16.732Z", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-23570" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2023-23570", "datePublished": "2023-12-18T21:59:16.732Z", "dateReserved": "2023-02-03T20:38:05.220Z", "dateUpdated": "2024-11-27T20:27:18.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-46686 (GCVE-0-2023-46686)
Vulnerability from cvelistv5
Published
2023-12-18 22:01
Modified
2024-10-01 15:59
CWE
- CWE-807 - Reliance on Untrusted Inputs in a Security Decision
Summary
A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols.
This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre Diagnostics Service |
Version: 0 <= 1.3.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:53:20.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-46686", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-26T20:59:49.981191Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-01T15:59:10.520Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Command Centre Diagnostics Service", "vendor": "Gallagher", "versions": [ { "lessThanOrEqual": "1.3.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA reliance on untrusted inputs in a security decision could be exploited by a \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eprivileged\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. \u003cbr\u003e\u003cbr\u003eThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\u003c/span\u003e\n\n\u003cp\u003e\u003c/p\u003e" } ], "value": "\nA reliance on untrusted inputs in a security decision could be exploited by a privileged\u00a0user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. 
\n\nThis issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)).\n\n\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-807", "description": "CWE-807: Reliance on Untrusted Inputs in a Security Decision", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-18T22:01:03.342Z", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "url": "https://security.gallagher.com/Security-Advisories/CVE-2023-46686" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2023-46686", "datePublished": "2023-12-18T22:01:03.342Z", "dateReserved": "2023-11-01T22:24:52.286Z", "dateUpdated": "2024-10-01T15:59:10.520Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-23211 (GCVE-0-2021-23211)
Vulnerability from cvelistv5
Published
2021-06-11 15:46
Modified
2024-08-03 19:05
CWE
- CWE-316 - Cleartext Storage of Sensitive Information in Memory
Summary
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3).
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Gallagher | Command Centre |
Version: 8.40 < 8.40.1888 (MR3) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:05:55.310Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23211" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Command Centre", "vendor": "Gallagher", "versions": [ { "lessThan": "8.40.1888 (MR3)", "status": "affected", "version": "8.40", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-316", "description": "CWE-316", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T15:46:01", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23211" } ], "source": { "discovery": "INTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2021-23211", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Command Centre", "version": { "version_data": [ { 
"version_affected": "\u003c", "version_name": "8.40", "version_value": "8.40.1888 (MR3)" } ] } } ] }, "vendor_name": "Gallagher" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3)." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-316" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.gallagher.com/Security-Advisories/CVE-2021-23211", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2021-23211" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2021-23211", "datePublished": "2021-06-11T15:46:01", "dateReserved": "2021-01-26T00:00:00", "dateUpdated": "2024-08-03T19:05:55.310Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }