9.8
CVE-2020-16098
- EPSS 0.47%
- Veröffentlicht 15.09.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:06:46
- Quelle disclosures@gallagher.com
- CVE-Watchlists
- Unerledigt
LoginIt is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gallagher ≫ Command Centre Version >= 8.00 < 8.00.1228
Gallagher ≫ Command Centre Version >= 8.10 < 8.10.1211
Gallagher ≫ Command Centre Version >= 8.20 < 8.20.1166
Gallagher ≫ Command Centre Version >= 8.30 < 8.30.1236
Gallagher ≫ Command Centre Version8.00.1228 Update-
Gallagher ≫ Command Centre Version8.10.1211 Update-
Gallagher ≫ Command Centre Version8.20.1166 Update-
Gallagher ≫ Command Centre Version8.30.1236 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.616 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| disclosures@gallagher.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.