CVE-2020-16096

CRITICAL

Gallagher Command Centre < 7.80.960, 7.90 < 7.90.991, 8.00 < 8.00.1161, 8.10 < 8.10.1134 - Unauthorized Data Access

Title source: llm

Description

In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://security.gallagher.com/Security-Advisories/CVE-2020-16096

Scores

CVSS v3 9.9

EPSS 0.0080

EPSS Percentile 51.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-285

Status published

Products (5)

gallagher/command_centre 7.80.960

gallagher/command_centre 7.90.991

gallagher/command_centre 8.00.1161

gallagher/command_centre 8.10.1134

gallagher/command_centre 7.80 - 7.80.960

Published Sep 15, 2020

Tracked Since Feb 18, 2026