Filtered by vendor Gallagher
Subscribe
Search
Total
16 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23570 | 1 Gallagher | 1 Command Centre | 2024-01-05 | N/A | 8.1 HIGH |
| Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior. | |||||
| CVE-2023-24590 | 1 Gallagher | 2 Controller 6000, Controller 6000 Firmware | 2024-01-05 | N/A | 8.8 HIGH |
| A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. This issue affects: Gallagher Controller 6000 8.60 prior to vCR8.60.231116a (distributed in 8.60.2550 (MR7)), all versions of 8.50 and prior. | |||||
| CVE-2023-46686 | 1 Gallagher | 1 Command Centre | 2023-12-28 | N/A | 7.1 HIGH |
| A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0 (distributed in 9.00.1507(MR1)). | |||||
| CVE-2023-22363 | 1 Gallagher | 1 Command Centre | 2023-08-01 | N/A | 7.5 HIGH |
| A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2) | |||||
| CVE-2022-26078 | 1 Gallagher | 2 Controller 6000, Controller 6000 Firmware | 2022-07-14 | 7.8 HIGH | 7.5 HIGH |
| Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vCR8.50 versions prior to 220303a; vCR8.40 versions prior to 220303a; vCR8.30 versions prior to 220303a. | |||||
| CVE-2021-23146 | 1 Gallagher | 1 Command Centre | 2022-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions. | |||||
| CVE-2021-23140 | 1 Gallagher | 1 Command Centre | 2022-04-26 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. | |||||
| CVE-2020-16103 | 1 Gallagher | 1 Command Centre | 2022-04-25 | 6.5 MEDIUM | 8.8 HIGH |
| Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions. | |||||
| CVE-2021-23197 | 1 Gallagher | 1 Command Centre | 2021-11-23 | 4.6 MEDIUM | 7.8 HIGH |
| Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ; | |||||
| CVE-2021-23162 | 1 Gallagher | 1 Command Centre Mobile Connect | 2021-11-23 | 6.8 MEDIUM | 8.1 HIGH |
| Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Connect for Android 15 versions prior to 15.04.040; version 14 and prior versions. | |||||
| CVE-2020-16102 | 1 Gallagher | 1 Command Centre | 2021-11-18 | 6.4 MEDIUM | 8.2 HIGH |
| Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions. | |||||
| CVE-2021-23205 | 1 Gallagher | 1 Command Centre | 2021-06-22 | 8.5 HIGH | 8.1 HIGH |
| Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions. | |||||
| CVE-2020-16104 | 1 Gallagher | 1 Command Centre | 2020-12-16 | 6.5 MEDIUM | 7.2 HIGH |
| SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions. | |||||
| CVE-2020-16100 | 1 Gallagher | 1 Command Centre | 2020-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. | |||||
| CVE-2020-16101 | 1 Gallagher | 1 Command Centre | 2020-09-24 | 5.0 MEDIUM | 7.5 HIGH |
| It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. | |||||
| CVE-2020-16096 | 1 Gallagher | 1 Command Centre | 2020-09-24 | 4.0 MEDIUM | 7.7 HIGH |
| In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components. | |||||