9.9
CVE-2020-16096
- EPSS 0.22%
- Published 15.09.2020 14:15:13
- Last modified 21.11.2024 05:06:46
- Source disclosures@gallagher.com
In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to 7.80.960(MR2), 7.70 and earlier, any operator account has access to all data that would be replicated if the system were to be (or is) attached to a multi-server environment. This can include plain text credentials for DVR systems and card details used for physical access/alarm/perimeter components.
Data provided by the National Vulnerability Database (NVD)
Gallagher ≫ Command Centre Version >= 7.80 < 7.80.960
Gallagher ≫ Command Centre Version >= 7.90 < 7.90.991
Gallagher ≫ Command Centre Version >= 8.00 < 8.00.1161
Gallagher ≫ Command Centre Version >= 8.10 < 8.10.1134
Gallagher ≫ Command Centre Version 7.80.960 Update -
Gallagher ≫ Command Centre Version 7.90.991 Update -
Gallagher ≫ Command Centre Version 8.00.1161 Update -
Gallagher ≫ Command Centre Version 8.10.1134 Update -
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.416 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.7 | 3.1 | 4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| disclosures@gallagher.com | 9.9 | 3.1 | 6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.