Filtered by vendor Gallagher
Subscribe
Total
42 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-23193 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 4.0 MEDIUM | 8.1 HIGH |
Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ; 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions. | |||||
CVE-2021-23182 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 2.1 LOW | 6.0 MEDIUM |
Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30. | |||||
CVE-2021-23167 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; version 8.20 and prior versions. | |||||
CVE-2021-23162 | 1 Gallagher | 1 Command Centre Mobile Connect | 2024-11-21 | 6.8 MEDIUM | 7.7 HIGH |
Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Connect for Android 15 versions prior to 15.04.040; version 14 and prior versions. | |||||
CVE-2021-23155 | 1 Gallagher | 1 Command Centre Mobile Client | 2024-11-21 | 4.3 MEDIUM | 9.0 CRITICAL |
Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065; version 8.50 and prior versions. | |||||
CVE-2021-23146 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 5.0 MEDIUM | 7.1 HIGH |
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions. | |||||
CVE-2021-23140 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. | |||||
CVE-2021-23136 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. | |||||
CVE-2020-7215 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the 'view events' privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event. | |||||
CVE-2020-16104 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 6.5 MEDIUM | 8.2 HIGH |
SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions. | |||||
CVE-2020-16103 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions. | |||||
CVE-2020-16102 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 6.4 MEDIUM | 7.1 HIGH |
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions. | |||||
CVE-2020-16101 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. | |||||
CVE-2020-16100 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. | |||||
CVE-2020-16099 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect. | |||||
CVE-2020-16098 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported. | |||||
CVE-2020-16097 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 2.1 LOW | 7.3 HIGH |
On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers. | |||||
CVE-2020-16096 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 4.0 MEDIUM | 9.9 CRITICAL |
In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components. | |||||
CVE-2019-19802 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied. | |||||
CVE-2019-19801 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases. |