PT-2020-19469 · Gallagher · Gallagher Command Centre
Published: 2020-01-20 · Updated: 2021-07-21 · CVE-2020-7215
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Gallagher Command Centre versions 7.x through 7.90.990
Gallagher Command Centre versions 8.00 through 8.00.1160
Gallagher Command Centre versions 8.10 through 8.10.1133
Description
An issue was discovered where external system configuration data for third-party integrations, such as DVR systems, were logged in the Command Centre event trail. This allowed any authenticated operator with the 'view events' privilege to see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event.
Recommendations
For Gallagher Command Centre versions 7.x through 7.90.990, update to version 7.90.991(MR5) or later.
For Gallagher Command Centre versions 8.00 through 8.00.1160, update to version 8.00.1161(MR5) or later.
For Gallagher Command Centre versions 8.10 through 8.10.1133, update to version 8.10.1134(MR4) or later.
Fix
Insertion into Log File
Affected Products
Gallagher Command Centre