exploitDog

CVE-2020-16102

Опубликовано: 14 дек. 2020

Источник: nvd

CVSS3: 7.1

CVSS3: 8.2

CVSS2: 6.4

EPSS Низкий

Описание

Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions.

Ссылки

https://security.gallagher.com/Security-Advisories/CVE-2020-16102
Vendor Advisory
https://security.gallagher.com/Security-Advisories/CVE-2020-16102
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия до 7.90.0 (исключая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.00 (включая) до 8.00.1252 (исключая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.10 (включая) до 8.10.1253 (исключая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.20 (включая) до 8.20.1218 (исключая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.30 (включая) до 8.30.1299 (исключая)

cpe:2.3:a:gallagher:command_centre:8.00.1252:-:*:*:*:*:*:*

cpe:2.3:a:gallagher:command_centre:8.00.1252:maintenance_release7:*:*:*:*:*:*

cpe:2.3:a:gallagher:command_centre:8.10.1253:-:*:*:*:*:*:*

cpe:2.3:a:gallagher:command_centre:8.10.1253:maintenance_release6:*:*:*:*:*:*

cpe:2.3:a:gallagher:command_centre:8.20.1218:-:*:*:*:*:*:*

cpe:2.3:a:gallagher:command_centre:8.20.1218:maintenance_release4:*:*:*:*:*:*

cpe:2.3:a:gallagher:command_centre:8.30.1299:-:*:*:*:*:*:*

cpe:2.3:a:gallagher:command_centre:8.30.1299:maintenance_release2:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00977

Низкий

7.1 High

CVSS3

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-287

CWE-306

Связанные уязвимости

GHSA-4x7r-2g5v-6xmq

github

больше 3 лет назад

Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.XXX(MRX); 8.20 versions prior to 8.20.XXX(MRX); 8.10 versions prior to 8.10.XXX(MRX); 8.00 versions prior to 8.00.XXX(MRX); version 7.90 and prior versions.

EPSS

Процентиль: 76%

0.00977

Низкий

7.1 High

CVSS3

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-287

CWE-306