CVE-2020-16097 : Vulnerability Insights and Analysis

Discover the impact of CVE-2020-16097 affecting Gallagher's Command Centre software. Learn about the vulnerability allowing unauthorized access to site keys.

Command Centre by Gallagher is affected by a vulnerability that allows retrieval of the site keys used for securing MIFARE Plus and DESFire.

Understanding CVE-2020-16097

This CVE identifies a security issue in Gallagher's Command Centre software.

What is CVE-2020-16097?

The vulnerability in Command Centre allows unauthorized access to site keys through debug ports on T Series readers.

The Impact of CVE-2020-16097

The vulnerability has a CVSS base score of 7.3, indicating a high severity issue with significant confidentiality and integrity impacts.

Technical Details of CVE-2020-16097

Several Command Centre release lines are affected by this vulnerability; the affected versions are listed under Affected Systems and Versions.

Vulnerability Description

Debug ports on T Series readers can be exploited to retrieve the site keys used for securing MIFARE Plus and DESFire.

Affected Systems and Versions

        Command Centre vCR8.20.200221b and earlier
        Command Centre vGR8.10.179 and earlier
        Command Centre vGR8.00.165 and earlier
        Command Centre vGR7.90.1038 and earlier
        Command Centre vGR7.80 and earlier

Exploitation Mechanism

Exploitation is physical, through the debug ports on the reader, and does not require special privileges.

Mitigation and Prevention

The following steps address this vulnerability and help prevent its exploitation.

Immediate Steps to Take

        Disable debug ports on T Series readers if not essential
        Implement network segmentation to restrict access
        Monitor and log debug port activity

Long-Term Security Practices

        Regularly update Command Centre software
        Conduct security assessments and penetration testing
        Educate staff on secure practices

Patching and Updates

        Apply patches provided by Gallagher to fix the vulnerability
