CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-16097
https://notcve.org/view.php?id=CVE-2020-16097
On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers. En controladores que ejecutan versiones desde v8.20 anteriores a vCR8.20.200221b (distribuido en versión v8.20.1093(MR2)), versiones v8.10 anteriores a vGR8.10.179 (distribuido en versión v8.10.1211(MR5)), versiones v8.00 anteriores a vGR8 .00.165 (distribuido en versión v8.00.1228(MR6)), versiones v7.90 anteriores a vGR7.90.165 (distribuido en v7.90.1038(MRX)), versiones v7.80 o anteriores, es posible recuperar las claves del sitio usadas para proteger MIFARE Plus y Desfire por medio de puertos de depuración en lectores de la Serie T • https://security.gallagher.com/Security-Advisories/CVE-2020-16097 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-16099
https://notcve.org/view.php?id=CVE-2020-16099
In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect. En Gallagher Command Center versiones v8.20 anteriores a v8.20.1093(MR2) es posible crear eventos Guard Tour que cuando se accedían por medio de cosas como reportes causan que los clientes se cuelguen o desconecten temporalmente • https://security.gallagher.com/Security-Advisories/CVE-2020-16099 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-7215
https://notcve.org/view.php?id=CVE-2020-7215
An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the 'view events' privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event. Se detectó un problema en Gallagher Command Center versiones 7.x anteriores a 7.90.991(MR5), versiones 8.00 anteriores a 8.00.1161(MR5) y versiones 8.10 anteriores a 8.10.1134(MR4). Los datos de configuración del sistema externo (utilizados para integraciones de terceros, tales como los sistemas DVR) fueron registrados en el registro de eventos de Command Centre. • https://security.gallagher.com/cve-2020-7215 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-19802
https://notcve.org/view.php?id=CVE-2019-19802
In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied. En Gallagher Command Center Server versiones v8.10 anteriores a v8.10.1134(MR4), versiones v8.00 anteriores a v8.00.1161(MR5), versiones v7.90 anteriores a v7.90.991(MR5), versiones v7.80 anteriores a v7.80.960(MR2) y versión v7.70 o anteriores, un usuario autenticado que conecta con OPCUA puede visualizar todos los datos que se replicarían en una configuración multiservidor sin ser aplicadas comprobaciones de privilegios. • https://security.gallagher.com/cve-2019-19802 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2019-19801
https://notcve.org/view.php?id=CVE-2019-19801
In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases. En Gallagher Command Center Server versiones v8.10 anteriores a v8.10.1134(MR4), versiones v8.00 anteriores a v8.00.1161(MR5), versiones v7.90 anteriores a v7.90.991(MR5), versiones v7.80 anteriores a v7.80.960(MR2) y versión v7.70 o anteriores, un usuario no privilegiado pero autenticado es capaz de realizar una copia de seguridad de las bases de datos de Command Center. • https://security.gallagher.com/cve-2019-19801 •