CVE-2020-16096

Name of the Vulnerable Software and Affected Versions Gallagher Command Centre versions 7.70 and earlier Gallagher Command Centre versions 7.80 prior to 7.80.960(MR2) Gallagher Command Centre versions 7.90 prior to 7.90.991(MR5) Gallagher Command Centre versions 8.00 prior to 8.00.1161(MR5) Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4)

Description The issue allows any operator account to access all data, including plain text credentials for DVR systems and card details used for physical access, alarm, and perimeter components, if the system is or were to be attached to a multi-server environment.

Recommendations For versions 7.70 and earlier, update to a version later than 7.70. For versions 7.80 prior to 7.80.960(MR2), update to 7.80.960(MR2) or later. For versions 7.90 prior to 7.90.991(MR5), update to 7.90.991(MR5) or later. For versions 8.00 prior to 8.00.1161(MR5), update to 8.00.1161(MR5) or later. For versions 8.10 prior to 8.10.1134(MR4), update to 8.10.1134(MR4) or later.