CVE-2020-16102

HIGH

Gallagher Command Centre < 7.90.0 - Unauthenticated Denial of Service via Invalid Configuration

Title source: llm

Description

Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://security.gallagher.com/Security-Advisories/CVE-2020-16102

Scores

CVSS v3 7.1

EPSS 0.0103

EPSS Percentile 59.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Details

CWE

CWE-287 CWE-306

Status published

Products (5)

gallagher/command_centre 8.00.1252 (2 CPE variants)

gallagher/command_centre 8.10.1253 (2 CPE variants)

gallagher/command_centre 8.20.1218 (2 CPE variants)

gallagher/command_centre 8.30.1299 (2 CPE variants)

gallagher/command_centre < 7.90.0

Published Dec 14, 2020

Tracked Since Feb 18, 2026