CVE-2020-16097

Severity: High (CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N)
Components affected: T-Series Readers
Version of Command Centre affected: Versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MR6)), v7.80 or earlier.
Reported by: Matthew Daley of Aura Information Security
Active exploitation of vulnerability*: Only in test environments
Description of vulnerability: On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MR6)), v7.80 or earlier, it is possible to retrieve site keys used for securing MIFARE Plus and DESFire using debug ports on T-Series readers.
Mitigation: Using site specific MIFARE DESFire and Plus keys means compromise of another site cannot effect your site. As of v8.30, Key Migration feature allows you to roll your keys on DESFire card by presenting at our HBUS Readers, if you are using a default MIFARE Site key seed, or you feel a custom MIFARE Site key seed may have been compromised. Ensure that any readers that are being disposed are done so in a secure manner.

Maintenance releases are now available for:

• v8.20 - vCR8.20.200221b included in v8.20.1093(MR2) 

• v8.10 - vGR8.10.179 included in v8.10.1211(MR5) 

• v8.00 - vGR8.00.165 included in v8.00.1228(MR6) 

• v7.90 - vGR7.90.165 included in v7.90.1038(MR6)

Important notes:

• This requires only controllers to be upgraded.

*This indicates whether Gallagher are aware of this being exploited against customer sites.