CVE-2020-16098 : Security Advisory and Response

CVE-2020-16098 is a critical vulnerability in Command Centre by Gallagher that allows access card credentials to be enumerated without authorization. This advisory covers the impact, affected versions, and mitigation steps.

Command Centre by Gallagher is affected by a critical vulnerability that allows attackers to enumerate access card credentials, potentially leading to unauthorized access.

Understanding CVE-2020-16098

Command Centre versions prior to 8.20.1166(MR3), 8.10.1211(MR5), and 8.00.1228(MR6) are impacted, along with all versions of 7.90 and earlier.

What is CVE-2020-16098?

The vulnerability allows an unauthenticated network connection to the Command Centre server to enumerate access card credentials. Those credentials can then be used to encode low-security cards that grant access to the system.

The Impact of CVE-2020-16098

        CVSS Base Score: 9.8 (Critical)
        Attack Vector: Network
        Confidentiality Impact: High
        Integrity Impact: High
        Availability Impact: High
        Privileges Required: None
        Scope: Unchanged
        User Interaction: None

Technical Details of CVE-2020-16098

Command Centre vulnerability details:

Vulnerability Description

The flaw allows attackers to enumerate access card credentials via an unauthenticated network connection to the server.

Affected Systems and Versions

        Command Centre v8.20 prior to v8.20.1166(MR3)
        Command Centre v8.10 prior to v8.10.1211(MR5)
        Command Centre v8.00 prior to v8.00.1228(MR6)
        All versions of 7.90 and earlier
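
The version ranges above can be checked against an inventory of installed builds. The following Python sketch is an added example, not code from Gallagher or from this advisory; the version-string format (major.minor.build with an optional "(MRn)" suffix) and the host names in the sample inventory are assumptions. Branches the advisory does not list are reported as "unknown" rather than guessed.

```python
import re

# First fixed build per branch, from the advisory's affected-versions list.
FIXED_BUILD = {(8, 20): 1166, (8, 10): 1211, (8, 0): 1228}
# "All versions of 7.90 and earlier" are affected regardless of build.
LAST_ALL_AFFECTED = (7, 90)

# Assumed format: optional "v", major.minor[.build], optional "(MRn)" suffix.
_VERSION_RE = re.compile(
    r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*(?:\(MR\d+\))?\s*$", re.IGNORECASE
)

def parse_version(text):
    """Return (major, minor, build); build is None when not given."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    build = int(m.group(3)) if m.group(3) else None
    return int(m.group(1)), int(m.group(2)), build

def classify(text):
    """Classify one version string as 'affected', 'fixed' or 'unknown'."""
    major, minor, build = parse_version(text)
    branch = (major, minor)
    if branch <= LAST_ALL_AFFECTED:
        return "affected"
    if branch in FIXED_BUILD:
        if build is None:
            return "unknown"  # branch is listed but the build is needed
        return "affected" if build < FIXED_BUILD[branch] else "fixed"
    return "unknown"  # branch not covered by this advisory

def triage(inventory):
    """Group host names by status; unparsable versions count as 'unknown'."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, version in inventory.items():
        try:
            status = classify(version)
        except ValueError:
            status = "unknown"
        result[status].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}

# Constructed sample inventory (host names and builds are made up).
SAMPLE_INVENTORY = {
    "cc-hq": "v8.20.1166(MR3)",
    "cc-lab": "8.20.1093",
    "cc-plant": "8.00.1228(MR6)",
    "cc-legacy": "7.80.960",
    "cc-branch": "8.10",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```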

Exploitation Mechanism

Attackers can exploit this vulnerability through an unauthenticated network connection to the server.

Mitigation and Prevention

Immediate Steps to Take

        Upgrade Command Centre to version 8.20.1166(MR3) or higher.
        Implement network security measures to restrict unauthorized access.
        Monitor access card activities for anomalies.

Long-Term Security Practices

        Regularly update and patch Command Centre software.
        Conduct security training for system administrators and users.

Patching and Updates

        Apply security patches provided by Gallagher promptly to address the vulnerability.
