CVE-2021-23182
Severity: Medium (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
Components affected: Command Centre Server
Versions of Command Centre affected: 8.40 prior to 8.40.1888 (MR3); all versions of 8.30.
Reported by: Gallagher
Active exploitation of vulnerability*: No
Description of vulnerability: Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30.
Mitigation: Sites not using OSDP readers are not impacted. Command Centre versions prior to 8.30 are not impacted. When transporting memory dumps, ensure this is done via a secure medium.
Maintenance releases are now available for:
- v8.40: v8.40.1888 (MR3)
Important notes:
- These maintenance upgrades require the Command Centre server to be upgraded.
*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.