Gallagher Command Centre — known CVE vulnerabilities
Every CVE whose affected-product data names Gallagher Command Centre, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (37)
CVE-2021-23140 — CVSS 9.9 (critical): Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised…
CVE-2021-23230 — CVSS 9.9 (critical): A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to…
CVE-2020-16096 — CVSS 9.9 (critical): In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.00 prior to 8.00.1161(MR5), 7.90 prior to 7.90.991(MR5), 7.80 prior to…
CVE-2019-15294 — CVSS 9.8 (critical): An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and…
CVE-2020-16098 — CVSS 9.8 (critical): It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre…
CVE-2024-21815 — CVSS 9.1 (critical): Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to…
CVE-2020-16103 — CVSS 8.8 (high): Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution…
CVE-2020-16104 — CVSS 8.2 (high): SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data…
CVE-2022-26348 — CVSS 8.2 (high): Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry…
CVE-2021-23204 — CVSS 8.1 (high): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be…
CVE-2021-23205 — CVSS 8.1 (high): Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers…
CVE-2021-23167 — CVSS 8.1 (high): Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the…
CVE-2021-23193 — CVSS 8.1 (high): Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators…
CVE-2023-22428 — CVSS 7.6 (high): Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects…
CVE-2020-16101 — CVSS 7.5 (high): It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer…
CVE-2020-16100 — CVSS 7.5 (high): It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to…
CVE-2020-16097 — CVSS 7.3 (high): On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed…
CVE-2023-25074 — CVSS 7.1 (high): Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This…
CVE-2021-23146 — CVSS 7.1 (high): An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This…
CVE-2020-16102 — CVSS 7.1 (high): Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with…
CVE-2024-21838 — CVSS 6.8 (medium): Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead…
CVE-2019-12492 — CVSS 6.5 (medium): Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information…
CVE-2019-19802 — CVSS 6.5 (medium): In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80…
CVE-2021-23136 — CVSS 6.5 (medium): Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command…
CVE-2023-22363 — CVSS 6.5 (medium): A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders…
CVE-2021-23182 — CVSS 6.0 (medium): Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be…
CVE-2021-23211 — CVSS 6.0 (medium): Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption…
CVE-2020-7215 — CVSS 5.5 (medium): An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4)…
CVE-2019-19801 — CVSS 5.5 (medium): In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to…
CVE-2023-46686 — CVSS 5.5 (medium): A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre…
CVE-2023-23570 — CVSS 5.4 (medium): Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with…
CVE-2021-23197 — CVSS 5.2 (medium): Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the…
CVE-2023-23584 — CVSS 4.3 (medium): An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence…
CVE-2023-23576 — CVSS 4.3 (medium): Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than…
CVE-2023-23568 — CVSS 4.3 (medium): Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields…
CVE-2020-16099 — CVSS 4.3 (medium): In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like…
CVE-2023-22439 — CVSS 3.1 (low): Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80)…