CVE-2020-16102 - OpenCVE

Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Gallagher	Command Centre

Configuration 1 [-]

OR	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre:8.00.1252:-::::::
	cpe:2.3:a:gallagher:command_centre:8.00.1252:maintenance_release7::::::
	cpe:2.3:a:gallagher:command_centre:8.10.1253:-::::::
	cpe:2.3:a:gallagher:command_centre:8.10.1253:maintenance_release6::::::
	cpe:2.3:a:gallagher:command_centre:8.20.1218:-::::::
	cpe:2.3:a:gallagher:command_centre:8.20.1218:maintenance_release4::::::
	cpe:2.3:a:gallagher:command_centre:8.30.1299:-::::::
	cpe:2.3:a:gallagher:command_centre:8.30.1299:maintenance_release2::::::

References

Link	Resource
https://security.gallagher.com/Security-Advisories/CVE-2020-16102	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Gallagher

Published: 2020-12-14T19:26:18

Updated: 2020-12-15T21:29:13

Reserved: 2020-07-28T00:00:00

Link: CVE-2020-16102

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-12-14T20:15:12.060

Modified: 2021-11-18T16:33:01.177

Link: CVE-2020-16102

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Command Centre", "vendor": "Gallagher", "versions": [{"lessThanOrEqual": "7.90", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "8.30.1299(MR2)", "status": "affected", "version": "8.30", "versionType": "custom"}, {"lessThan": "8.20.1218(MR4)", "status": "affected", "version": "8.20", "versionType": "custom"}, {"lessThan": "8.10.1253(MR6)", "status": "affected", "version": "8.10", "versionType": "custom"}, {"lessThan": "8.00.1252(MR7)", "status": "affected", "version": "8.00", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-15T21:29:13", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16102"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2020-16102", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Command Centre", "version": {"version_data": [{"version_affected": "<", "version_name": "8.30", "version_value": "8.30.1299(MR2)"}, {"version_affected": "<", "version_name": "8.20", "version_value": "8.20.1218(MR4)"}, {"version_affected": "<", "version_name": "8.10", "version_value": "8.10.1253(MR6)"}, {"version_affected": "<", "version_name": "8.00", "version_value": "8.00.1252(MR7)"}, {"version_affected": "<=", "version_value": "7.90"}]}}]}, "vendor_name": "Gallagher"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287 Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16102", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16102"}]}, "source": {"discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2020-16102", "datePublished": "2020-12-14T19:26:18", "dateReserved": "2020-07-28T00:00:00", "dateUpdated": "2020-12-15T21:29:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEC327DD-614D-4F03-B77A-941EFE1269F3", "versionEndExcluding": "7.90.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "484DE0E5-B3A6-45BF-9765-95A2579A077A", "versionEndExcluding": "8.00.1252", "versionStartIncluding": "8.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FD0CD44-58B8-4BA4-9F8D-3A25E984F3B2", "versionEndExcluding": "8.10.1253", "versionStartIncluding": "8.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFAE071C-1C1B-49A0-9ED9-5A245D4C127D", "versionEndExcluding": "8.20.1218", "versionStartIncluding": "8.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE22EE9E-C228-4C51-BD4E-E67F7C6118A6", "versionEndExcluding": "8.30.1299", "versionStartIncluding": "8.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1252:-:*:*:*:*:*:*", "matchCriteriaId": "60D924CC-E467-4CDC-9879-5C4CF7D59350", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.00.1252:maintenance_release7:*:*:*:*:*:*", "matchCriteriaId": "2F6F0395-D22D-47AD-92E1-8A05FEB66C80", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1253:-:*:*:*:*:*:*", "matchCriteriaId": "930BFF65-C8F9-4CF2-BEF4-9D7DA65C6A02", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1253:maintenance_release6:*:*:*:*:*:*", "matchCriteriaId": "42B951CF-1EE2-4C83-9C34-8DC9800572CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1218:-:*:*:*:*:*:*", "matchCriteriaId": "B8C3278B-BBB3-43E5-AA9F-7575F5C815DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1218:maintenance_release4:*:*:*:*:*:*", "matchCriteriaId": "55231378-5292-43B2-90FE-6E6FE5FF18A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1299:-:*:*:*:*:*:*", "matchCriteriaId": "C9908088-8A0A-4CFA-B539-5B1266D27074", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1299:maintenance_release2:*:*:*:*:*:*", "matchCriteriaId": "B5857DDB-BF50-4047-8698-1F15CF9EBBEF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions."}, {"lang": "es", "value": "Una vulnerabilidad de autenticaci\u00f3n inapropiada en Gallagher Command Center Server, permite a un atacante remoto no autenticado crear elementos con una configuraci\u00f3n no v\u00e1lida, causando potencialmente que el servidor se bloquee y que no vuelva a reiniciar. Este problema afecta a: Gallagher Command Centre versiones 8.30 anteriores a 8.30.1299(MR2); versiones 8.20 anteriores a 8.20.1218(MR4); versiones 8.10 anteriores a 8.10.1253(MR6); versiones 8.00 anteriores a 8.00.1252(MR7); versi\u00f3n 7.90 y anteriores"}], "id": "CVE-2020-16102", "lastModified": "2021-11-18T16:33:01.177", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "disclosures@gallagher.com", "type": "Secondary"}]}, "published": "2020-12-14T20:15:12.060", "references": [{"source": "disclosures@gallagher.com", "tags": ["Vendor Advisory"], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16102"}], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "disclosures@gallagher.com", "type": "Secondary"}]}