What is the severity of CVE-2020-16098?

CVE-2020-16098 has a moderate severity as it allows unauthenticated access to sensitive credential information.

How do I fix CVE-2020-16098?

To fix CVE-2020-16098, upgrade Gallagher Command Centre to version 8.20.1166 or later for v8.20, 8.10.1211 or later for v8.10, or 8.00.1228 or later for v8.00.

Who is affected by CVE-2020-16098?

Users of Gallagher Command Centre prior to versions 8.20.1166, 8.10.1211, or 8.00.1228 are affected by CVE-2020-16098.

What type of vulnerability is CVE-2020-16098?

CVE-2020-16098 is a security vulnerability that allows enumeration of access card credentials due to improper authentication.

Is CVE-2020-16098 being actively exploited?

There is no public information indicating that CVE-2020-16098 is currently being actively exploited, but it is advisable to address the vulnerability promptly.

Vulnerability/
CVE-2020-16098

critical

9.8

CWE

306 287

15/9/2020

4/8/2024

CVE-2020-16098

First published: Tue Sep 15 2020(Updated: )

It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported.

Credit: disclosures@gallagher.com

Affected Software	Affected Version	How to fix
Gallagher Command Centre	>=8.00<8.00.1228
Gallagher Command Centre	>=8.10<8.10.1211
Gallagher Command Centre	>=8.20<8.20.1166
Gallagher Command Centre	>=8.30<8.30.1236
Gallagher Command Centre	=8.00.1228
Gallagher Command Centre	=8.10.1211
Gallagher Command Centre	=8.20.1166
Gallagher Command Centre	=8.30.1236

Never miss a vulnerability like this again

Reference Links

https://security.gallagher.com/Security-Advisories/CVE-2020-16098

Frequently Asked Questions

What is the severity of CVE-2020-16098?
CVE-2020-16098 has a moderate severity as it allows unauthenticated access to sensitive credential information.
How do I fix CVE-2020-16098?
To fix CVE-2020-16098, upgrade Gallagher Command Centre to version 8.20.1166 or later for v8.20, 8.10.1211 or later for v8.10, or 8.00.1228 or later for v8.00.
Who is affected by CVE-2020-16098?
Users of Gallagher Command Centre prior to versions 8.20.1166, 8.10.1211, or 8.00.1228 are affected by CVE-2020-16098.
What type of vulnerability is CVE-2020-16098?
CVE-2020-16098 is a security vulnerability that allows enumeration of access card credentials due to improper authentication.
Is CVE-2020-16098 being actively exploited?
There is no public information indicating that CVE-2020-16098 is currently being actively exploited, but it is advisable to address the vulnerability promptly.

collector/nvd-index
agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/references
agent/last-modified-date
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/source
vendor/gallagher
canonical/gallagher command centre
version/gallagher command centre/8.00
version/gallagher command centre/8.10
version/gallagher command centre/8.20
version/gallagher command centre/8.30
version/gallagher command centre/8.00.1228
version/gallagher command centre/8.10.1211
version/gallagher command centre/8.20.1166
version/gallagher command centre/8.30.1236

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.