What is the severity of CVE-2020-16097?

CVE-2020-16097 is a vulnerability that affects specific versions of the Gallagher Command Centre, posing security risks that require immediate attention.

How do I fix CVE-2020-16097?

To mitigate CVE-2020-16097, upgrade to Gallagher Command Centre versions v8.20.200221b or later, v8.10.179 or later, v8.00.165 or later, or v7.90.165 or later.

Which versions of Gallagher Command Centre are affected by CVE-2020-16097?

CVE-2020-16097 affects Gallagher Command Centre versions prior to v8.20.200221b, v8.10.179, v8.00.165, and v7.90.165.

What types of devices are impacted by CVE-2020-16097?

CVE-2020-16097 impacts Gallagher Command Centre software installed on controllers operating within the specified vulnerable versions.

Is there a workaround for CVE-2020-16097 if I can't upgrade?

There are currently no known workarounds for CVE-2020-16097, so upgrading to a secure version is strongly recommended.

Vulnerability/
CVE-2020-16097

high

7.3

CWE

522

15/9/2020

4/8/2024

CVE-2020-16097

First published: Tue Sep 15 2020(Updated: )

On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers.

Credit: disclosures@gallagher.com

Affected Software	Affected Version	How to fix
Gallagher Command Centre	>=7.90<7.90.1038
Gallagher Command Centre	>=8.00<8.00.1228
Gallagher Command Centre	>=8.10<8.10.1211
Gallagher Command Centre	>=8.20<8.20.1093
Gallagher Command Centre	=7.90.1038
Gallagher Command Centre	=8.00.1228
Gallagher Command Centre	=8.10.1211
Gallagher Command Centre	=8.20.1093

Never miss a vulnerability like this again

Reference Links

https://security.gallagher.com/Security-Advisories/CVE-2020-16097

Frequently Asked Questions

What is the severity of CVE-2020-16097?
CVE-2020-16097 is a vulnerability that affects specific versions of the Gallagher Command Centre, posing security risks that require immediate attention.
How do I fix CVE-2020-16097?
To mitigate CVE-2020-16097, upgrade to Gallagher Command Centre versions v8.20.200221b or later, v8.10.179 or later, v8.00.165 or later, or v7.90.165 or later.
Which versions of Gallagher Command Centre are affected by CVE-2020-16097?
CVE-2020-16097 affects Gallagher Command Centre versions prior to v8.20.200221b, v8.10.179, v8.00.165, and v7.90.165.
What types of devices are impacted by CVE-2020-16097?
CVE-2020-16097 impacts Gallagher Command Centre software installed on controllers operating within the specified vulnerable versions.
Is there a workaround for CVE-2020-16097 if I can't upgrade?
There are currently no known workarounds for CVE-2020-16097, so upgrading to a secure version is strongly recommended.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/weakness
agent/references
agent/last-modified-date
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/source
vendor/gallagher
canonical/gallagher command centre
version/gallagher command centre/7.90
version/gallagher command centre/8.00
version/gallagher command centre/8.10
version/gallagher command centre/8.20
version/gallagher command centre/7.90.1038
version/gallagher command centre/8.00.1228
version/gallagher command centre/8.10.1211
version/gallagher command centre/8.20.1093

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.