CVE-2020-16103

Published Dec 14, 2020

Last updated 3 years ago

CVSS high 8.8

Overview

Description: Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions.
Source: disclosures@gallagher.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-843
disclosures@gallagher.com: CWE-704

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63D6F225-FF42-4B2A-9CAE-0DF2366F28E3",
            "versionEndIncluding": "8.00"
          },
          {
            "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55BB8603-0AAE-49A3-B127-374F24C498DE",
            "versionEndExcluding": "8.10.1211",
            "versionStartIncluding": "8.10"
          },
          {
            "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE7DBECA-3C79-4346-AB66-B7538B230FE7",
            "versionEndExcluding": "8.20.1166",
            "versionStartIncluding": "8.20"
          },
          {
            "criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0DEE3F1-6EE3-4D31-BDF2-648F45C0EC20",
            "versionEndExcluding": "8.30.1236",
            "versionStartIncluding": "8.30"
          },
          {
            "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1211:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E672F2DB-6C4D-4549-977C-F4EDBCC461E3"
          },
          {
            "criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1211:maintenance_release5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AE5C9DA-0A88-4A55-9395-7C2D357D9FF9"
          },
          {
            "criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1166:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DACA47B-78DA-4ED5-A15B-04556FA11865"
          },
          {
            "criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1166:maintenance_release3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38E86AF8-3460-4007-B5A2-0E4EA3F42974"
          },
          {
            "criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1236:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34322F73-2AEF-4920-96DD-B138125A0660"
          },
          {
            "criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1236:maintenance_release1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "784CE63C-BE80-4111-9A56-6CD03CAE6E0D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References