CVE-2021-23146

Severity: Medium (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L)
Components affected: Gallagher Controller
Version of Command Centre affected: 8.40 prior to vCR8.40.210518a (distributed in 8.40.1888 (MR3)), 8.30 prior to vCR8.30.210428c (distributed in 8.30.1454 (MR3)), 8.20 prior to vCR8.20.210422a (distributed in 8.20.1291 (MR5)), 8.10 prior to vGR8.10.200 (distributed in 8.10.1284 (MR7)), all versions of 8.00
Reported by: Customer reported
Active exploitation of vulnerability*: No
Description of vulnerability: An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 prior to vGR8.40.881 (distributed in 8.40.1888 (MR3)), 8.30 prior to vGR8.30.712 (distributed in 8.30.1359 (MR3)), 8.20 prior to vGR8.20.393 (distributed in 8.20.1259 (MR5)), 8.10 prior to vGR8.10.200 (distributed in 8.10.1284 (MR7)), all versions of 8.00
Mitigation: Disable 125 kHz card technology.

Maintenance releases are now available for:

  • v8.40 - v8.40.1888 (MR3)

  • v8.30 - v8.30.1359 (MR3)

  • v8.20 - v8.20.1259 (MR5)

  • v8.10 - v8.10.1284 (MR7)

 

*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.
