Gallagher is committed to ensuring that we provide safe, secure and robust products to our customers. As technology changes and evolves, both our internal and third-party penetration testers are constantly testing our products to find vulnerabilities.
Vulnerabilities identified as critical are resolved promptly in all affected, supported versions* of Command Centre, and a new version of Command Centre (a maintenance release) will be developed to address the vulnerability. Maintenance releases for a specific version of Command Centre are available to all licensed customers regardless of the customer's Software Maintenance status with Gallagher.
Security Advisories will be available on our website and will contain details of:
- The severity (based on the CVSS v3.1 scoring system)
- CVE identification number
- Components affected (e.g. servers, workstations, controllers)
- Versions of software that are affected
- Any mitigations
- Who the vulnerability was reported by
- Whether we are aware of it being actively exploited
- A description of the vulnerability
- The versions for which maintenance releases are available
*Supported versions include the current version and the three previous versions of Command Centre.
Want to ensure your system is configured to mitigate security threats? Request a copy of our hardening guides. These are available for Command Centre, Controller 6000 and Visitor Management Kiosk. They include information on best-practice operating system configuration, card technologies and the impacts of legacy hardware.
Current Security Advisories
- Apache Java Log4j | Unaffected | 15th Dec 2021
- CVE-2021-23197 | Medium | 15th Nov 2021
- CVE-2021-23193 | High | 15th Nov 2021
- CVE-2021-23167 | High | 15th Nov 2021
- CVE-2021-23162 | High | 15th Nov 2021
- CVE-2021-23155 | Critical | 15th Nov 2021
- CVE-2021-23146 | Medium | 15th Nov 2021
- CVE Archive
Security Researcher Acknowledgements
Gallagher strongly values the efforts of security researchers, and would like to personally acknowledge the following individuals who have helped to strengthen Gallagher’s products and services through the responsible disclosure of security vulnerabilities.