Gallagher is committed to ensuring that we provide safe, secure and robust products to our customers. As technology changes and evolves, both our internal and third party penetration testers are constantly testing our products to find vulnerabilities.
Vulnerabilities identified as critical are resolved promptly in all affected, supported versions* of Command Centre and a new version of Command Centre (a maintenance release) will be developed to address the vulnerability. Maintenance releases for a specific version of Command Centre are available to all licensed customers regardless of the customers Software Maintenance status with Gallagher.
Customers and Channel Partners will be advised of any maintenance releases through a Security Advisory.
Security Advisories will contain detail's of;
- The severity (based on CVSS score system v3.1)
- CVE identification number
- Components affected (e.g. servers, workstations, controllers)
- Versions of software that are affected
- Any mitigations
- Who the vulnerability was reported by
- Whether we are aware of it being actively exploited
- A description of the vulnerability
- Which versions maintenance releases are available for
*supported versions include the current version and the three previous versions of Command Centre
Want to ensure your system is configured to mitigate security threats? Request a copy of our hardening guides. These are available for Command Centre, Controller 6000 & Visitor Management Kiosk. These include information on best practice operating system configuration, card technologies and the impacts of legacy hardware.
Current Security Advisories
- CVE-2020-16096 | Critial | 14th September 2020
- CVE-2020-16097 | High | 14th September 2020
- CVE-2020-16098 | Critical | 14th September 2020
- CVE-2020-16099 | Medium | 14th September 2020
- CVE-2020-16100 | High | 14th September 2020
- CVE-2020-16101 | High | 14th September 2020
- CVE-2020-7215 | Critical | 20th January 2020
- CVE-2019-19801 | High | 16th January 2020
- CVE-2019-19802 | High | 16th January 2020
- CVE Archive