CVE-2020-16100

EPSS 0.45%
Veröffentlicht 15.09.2020 14:15:13
Zuletzt bearbeitet 21.11.2024 05:06:46
Quelle disclosures@gallagher.com
CVE-Watchlists
Login
Unerledigt
Login

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gallagher ≫ Command Centre Version >= 8.00 < 8.00.1228

Gallagher ≫ Command Centre Version >= 8.10 < 8.10.1211

Gallagher ≫ Command Centre Version >= 8.20 < 8.20.1166

Gallagher ≫ Command Centre Version8.00.1228 Update-

Gallagher ≫ Command Centre Version8.10.1211 Update-

Gallagher ≫ Command Centre Version8.20.1166 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.605

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
disclosures@gallagher.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://security.gallagher.com/Security-Advisories/CVE-2020-16100

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-16100

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-16100

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-16100

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-16100