CVE-2020-16096

Severity CVSS v4.0:
Pending analysis
Type:
CWE-285 Improper Authorization
Publication date:
15/09/2020
Last modified:
17/06/2026

Description

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:* 7.80 (including) 7.80.960 (excluding)
cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:* 7.90 (including) 7.90.991 (excluding)
cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:* 8.00 (including) 8.00.1161 (excluding)
cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:* 8.10 (including) 8.10.1134 (excluding)
cpe:2.3:a:gallagher:command_centre:7.80.960:-:*:*:*:*:*:*
cpe:2.3:a:gallagher:command_centre:7.90.991:-:*:*:*:*:*:*
cpe:2.3:a:gallagher:command_centre:8.00.1161:-:*:*:*:*:*:*
cpe:2.3:a:gallagher:command_centre:8.10.1134:-:*:*:*:*:*:*