CVE-2020-16103
HIGH
8,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM
6,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: partial
Integrity: partial
Availability: partial
Description
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.
EPSS Score
0,0205
Percentile
0,8th
CWE-704: Incorrect Type Conversion or Cast
Incomplete
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Other
Applicable Platforms
Languages:
C, C++, Memory-Unsafe, Not Language-Specific
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
Incomplete
Common Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Potential Impacts:
Read Memory
Modify Memory
Execute Unauthorized Code Or Commands
DoS: Crash, Exit, or Restart
Applicable Platforms
Languages:
C, C++
Application
Command Centre by Gallagher
CPE Identifier
cpe:2.3:a:gallagher:command_centre:8.30.1236:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Command Centre by Gallagher
CPE Identifier
cpe:2.3:a:gallagher:command_centre:8.20.1166:maintenance_release3:*:*:*:*:*:*
Application
Command Centre by Gallagher
CPE Identifier
cpe:2.3:a:gallagher:command_centre:8.20.1166:-:*:*:*:*:*:*
Application
Command Centre by Gallagher
CPE Identifier
cpe:2.3:a:gallagher:command_centre:8.10.1211:maintenance_release5:*:*:*:*:*:*
Application
Command Centre by Gallagher
Version Range Affected: from 8.10 (inclusive) to 8.10.1211 (exclusive)
CPE Identifier
cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*
Application
Command Centre by Gallagher
Version Range Affected: to 8.00 (inclusive)
CPE Identifier
cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*
Application
Command Centre by Gallagher
CPE Identifier
cpe:2.3:a:gallagher:command_centre:8.30.1236:maintenance_release1:*:*:*:*:*:*
Application
Command Centre by Gallagher
Version Range Affected: from 8.20 (inclusive) to 8.20.1166 (exclusive)
CPE Identifier
cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*
Application
Command Centre by Gallagher
CPE Identifier
cpe:2.3:a:gallagher:command_centre:8.10.1211:-:*:*:*:*:*:*
Application
Command Centre by Gallagher
Version Range Affected: from 8.30 (inclusive) to 8.30.1236 (exclusive)
CPE Identifier
cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*
https://security.gallagher.com/Security-Advisories/CVE-2020-16103