CVE-2021-23146

Severity: Medium + CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Components affected: Gallagher Controller
Version of Command Centre affected: 8.40 prior to vCR8.40.210518a (distributed in 8.40.1888 (MR3)), 8.30 prior to vCR8.30.210428c (distributed in 8.30.1454 (MR3)), 8.20 prior to vCR8.20.210422a (distributed in 8.20.1291 (MR5)), 8.10 prior to vGR8.10.200 (distributed in 8.10.1284 (MR7)), all versions of 8.00
Reported by: Customer reported
Active exploitation of vulnerability*: No
Description of vulnerability: An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 prior to vGR8.40.881 (distributed in 8.40.1888 (MR3)), 8.30 prior to vGR8.30.712 (distributed in 8.30.1359 (MR3)), 8.20 prior to vGR8.20.393 (distributed in 8.20.1259 (MR5)), 8.10 prior to vGR8.10.200 (distributed in 8.10.1284 (MR7)), all versions of 8.00
Mitigation: Disable 125 kHz card technology.

Maintenance releases are now available for:

  • v8.40 - v8.40.1888 (MR3)

  • v8.30 - v8.30.1359 (MR3)

  • v8.20 - v8.20.1259 (MR5)

  • v8.10 - v8.10.1284 (MR7)

 

*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.
