CVE-2020-16102

Published: Dic 14, 2020 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2020-8068 Aliases: GSD-2020-16102
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: high
MEDIUM 6,4
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: partial
Availability: partial

Description

AI Translation Available

Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0098
Percentile
0,8th
Updated

EPSS Score Trend (Last 90 Days)

287

Improper Authentication

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability Access Control
Potential Impacts:
Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: ICS/OT, Not Technology-Specific, Web Based
Likelihood of Exploit: High
View CWE Details
306

Missing Authentication for Critical Function

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Other
Potential Impacts:
Gain Privileges Or Assume Identity Varies By Context
Applicable Platforms
Technologies: Cloud Computing, ICS/OT
Likelihood of Exploit: High
View CWE Details
Application

Command Centre by Gallagher

Product Information
Vendor Gallagher
Product Command Centre
Version 8.00.1252
cpe:2.3:a:gallagher:command_centre:8.00.1252:maintenance_release7:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Command Centre by Gallagher

Product Information
Vendor Gallagher
Product Command Centre
Version 8.10.1253
cpe:2.3:a:gallagher:command_centre:8.10.1253:maintenance_release6:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Command Centre by Gallagher

Product Information
Vendor Gallagher
Product Command Centre
Version Range Affected
From 8.00 (inclusive)
To 8.00.1252 (exclusive)
cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Command Centre by Gallagher

Product Information
Vendor Gallagher
Product Command Centre
Version Range Affected
From 8.10 (inclusive)
To 8.10.1253 (exclusive)
cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Command Centre by Gallagher

Product Information
Vendor Gallagher
Product Command Centre
Version 8.20.1218
cpe:2.3:a:gallagher:command_centre:8.20.1218:maintenance_release4:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Command Centre by Gallagher

Product Information
Vendor Gallagher
Product Command Centre
Version 8.00.1252
cpe:2.3:a:gallagher:command_centre:8.00.1252:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Command Centre by Gallagher

Product Information
Vendor Gallagher
Product Command Centre
Version 8.10.1253
cpe:2.3:a:gallagher:command_centre:8.10.1253:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Command Centre by Gallagher

Product Information
Vendor Gallagher
Product Command Centre
Version Range Affected
To 7.90.0 (exclusive)
cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Command Centre by Gallagher

Product Information
Vendor Gallagher
Product Command Centre
Version 8.30.1299
cpe:2.3:a:gallagher:command_centre:8.30.1299:maintenance_release2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Command Centre by Gallagher

Product Information
Vendor Gallagher
Product Command Centre
Version 8.20.1218
cpe:2.3:a:gallagher:command_centre:8.20.1218:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Command Centre by Gallagher

Product Information
Vendor Gallagher
Product Command Centre
Version Range Affected
From 8.30 (inclusive)
To 8.30.1299 (exclusive)
cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Command Centre by Gallagher

Product Information
Vendor Gallagher
Product Command Centre
Version Range Affected
From 8.20 (inclusive)
To 8.20.1218 (exclusive)
cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Command Centre by Gallagher

Product Information
Vendor Gallagher
Product Command Centre
Version 8.30.1299
cpe:2.3:a:gallagher:command_centre:8.30.1299:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://security.gallagher.com/Security-Advisories/CVE-2020…
Vendor Advisory
https://security.gallagher.com/Security-Advisories/CVE-2020-16102
https://security.gallagher.com/Security-Advisories/CVE-2020…
Vendor Advisory
https://security.gallagher.com/Security-Advisories/CVE-2020-16102