CVE-2020-16103 - OpenCVE

Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gallagher	Command Centre

Configuration 1 [-]

OR	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre::::::::
	cpe:2.3:a:gallagher:command_centre:8.10.1211:-::::::
	cpe:2.3:a:gallagher:command_centre:8.10.1211:maintenance_release5::::::
	cpe:2.3:a:gallagher:command_centre:8.20.1166:-::::::
	cpe:2.3:a:gallagher:command_centre:8.20.1166:maintenance_release3::::::
	cpe:2.3:a:gallagher:command_centre:8.30.1236:-::::::
	cpe:2.3:a:gallagher:command_centre:8.30.1236:maintenance_release1::::::

No data.

References

Link	Providers
https://security.gallagher.com/Security-Advisories/CVE-2020-16103

History

No history.

MITRE

Status: PUBLISHED

Assigner: Gallagher

Published: 2020-12-14T19:34:42

Updated: 2024-08-04T13:37:53.487Z

Reserved: 2020-07-28T00:00:00

Link: CVE-2020-16103

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-12-14T20:15:12.170

Modified: 2022-04-25T17:45:59.820

Link: CVE-2020-16103

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Command Centre", "vendor": "Gallagher", "versions": [{"lessThanOrEqual": "8.00", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "8.30.1236(MR1)", "status": "affected", "version": "8.30", "versionType": "custom"}, {"lessThan": "8.20.1166(MR3)", "status": "affected", "version": "8.20", "versionType": "custom"}, {"lessThan": "8.10.1211(MR5)", "status": "affected", "version": "8.10", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-704", "description": "CWE-704 Incorrect Type Conversion or Cast", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-14T19:34:42", "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16103"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "disclosures@gallagher.com", "ID": "CVE-2020-16103", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Command Centre", "version": {"version_data": [{"version_affected": "<", "version_name": "8.30", "version_value": "8.30.1236(MR1)"}, {"version_affected": "<", "version_name": "8.20", "version_value": "8.20.1166(MR3)"}, {"version_affected": "<", "version_name": "8.10", "version_value": "8.10.1211(MR5)"}, {"version_affected": "<=", "version_value": "8.00"}]}}]}, "vendor_name": "Gallagher"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-704 Incorrect Type Conversion or Cast"}]}]}, "references": {"reference_data": [{"name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16103", "refsource": "MISC", "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16103"}]}, "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:37:53.487Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16103"}]}]}, "cveMetadata": {"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "assignerShortName": "Gallagher", "cveId": "CVE-2020-16103", "datePublished": "2020-12-14T19:34:42", "dateReserved": "2020-07-28T00:00:00", "dateUpdated": "2024-08-04T13:37:53.487Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "63D6F225-FF42-4B2A-9CAE-0DF2366F28E3", "versionEndIncluding": "8.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "55BB8603-0AAE-49A3-B127-374F24C498DE", "versionEndExcluding": "8.10.1211", "versionStartIncluding": "8.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE7DBECA-3C79-4346-AB66-B7538B230FE7", "versionEndExcluding": "8.20.1166", "versionStartIncluding": "8.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0DEE3F1-6EE3-4D31-BDF2-648F45C0EC20", "versionEndExcluding": "8.30.1236", "versionStartIncluding": "8.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1211:-:*:*:*:*:*:*", "matchCriteriaId": "E672F2DB-6C4D-4549-977C-F4EDBCC461E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.10.1211:maintenance_release5:*:*:*:*:*:*", "matchCriteriaId": "4AE5C9DA-0A88-4A55-9395-7C2D357D9FF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1166:-:*:*:*:*:*:*", "matchCriteriaId": "3DACA47B-78DA-4ED5-A15B-04556FA11865", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.20.1166:maintenance_release3:*:*:*:*:*:*", "matchCriteriaId": "38E86AF8-3460-4007-B5A2-0E4EA3F42974", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1236:-:*:*:*:*:*:*", "matchCriteriaId": "34322F73-2AEF-4920-96DD-B138125A0660", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallagher:command_centre:8.30.1236:maintenance_release1:*:*:*:*:*:*", "matchCriteriaId": "784CE63C-BE80-4111-9A56-6CD03CAE6E0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions."}, {"lang": "es", "value": "Una confusi\u00f3n de tipos en Gallagher Command Center Server, permite a un atacante remoto bloquear el servidor o posiblemente causar una ejecuci\u00f3n de c\u00f3digo remota. Este problema afecta a: Gallagher Command Center versiones 8.30 anteriores a 8.30.1236 (MR1); versiones 8.20 anteriores a 8.20.1166(MR3); versiones 8.10 anteriores a 8.10.1211(MR5); versi\u00f3n 8.00 y versiones anteriores."}], "id": "CVE-2020-16103", "lastModified": "2022-04-25T17:45:59.820", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "disclosures@gallagher.com", "type": "Secondary"}]}, "published": "2020-12-14T20:15:12.170", "references": [{"source": "disclosures@gallagher.com", "tags": ["Vendor Advisory"], "url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16103"}], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-704"}], "source": "disclosures@gallagher.com", "type": "Secondary"}]}