7.5
CVE-2020-16101
- EPSS 0.39%
- Veröffentlicht 15.09.2020 14:15:14
- Zuletzt bearbeitet 21.11.2024 05:06:46
- Quelle disclosures@gallagher.com
- CVE-Watchlists
- Unerledigt
LoginIt is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gallagher ≫ Command Centre Version >= 8.00 < 8.00.1228
Gallagher ≫ Command Centre Version >= 8.10 < 8.10.1211
Gallagher ≫ Command Centre Version >= 8.20 < 8.20.1166
Gallagher ≫ Command Centre Version8.00.1228 Update-
Gallagher ≫ Command Centre Version8.10.1211 Update-
Gallagher ≫ Command Centre Version8.20.1166 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.571 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| disclosures@gallagher.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-805 Buffer Access with Incorrect Length Value
The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.