PT-2020-14754 · Gallagher · Gallagher Command Centre
Published
2020-12-14
·
Updated
2021-11-18
·
CVE-2020-16102
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
Gallagher Command Centre versions prior to 8.30.1299(MR2)
Gallagher Command Centre versions prior to 8.20.1218(MR4)
Gallagher Command Centre versions prior to 8.10.1253(MR6)
Gallagher Command Centre versions prior to 8.00.1252(MR7)
Gallagher Command Centre version 7.90 and prior versions
Description
The issue is related to an Improper Authentication vulnerability in the Gallagher Command Centre Server. This vulnerability allows an unauthenticated remote attacker to create items with invalid configuration. As a result, the server may crash and fail to restart.
Recommendations
For versions prior to 8.30.1299(MR2), update to version 8.30.1299(MR2) or later.
For versions prior to 8.20.1218(MR4), update to version 8.20.1218(MR4) or later.
For versions prior to 8.10.1253(MR6), update to version 8.10.1253(MR6) or later.
For versions prior to 8.00.1252(MR7), update to version 8.00.1252(MR7) or later.
For version 7.90 and prior versions, update to a version later than 7.90.
Fix
Improper Authentication
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gallagher Command Centre