What is CVE-2020-16098?

CVE-2020-16098 is a critical-severity vulnerability in Gallagher Command Centre, classified under Improper Authentication. CVSS score: 9.8/10. Published 2020-09-15.

How severe is CVE-2020-16098?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Gallagher Command Centre

CVE-2020-16098

It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to…

Vulnerability class: Broken Authentication

EPSS: 0.005 (64.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Gallagher Command Centre — versions unspecified, 8.20, 8.10

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

security.gallagher.com/Security-Advisories/CVE-2020-16098 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-16098?: CVE-2020-16098 is a critical-severity vulnerability in Gallagher Command Centre, classified under Improper Authentication. CVSS score: 9.8/10. Published 2020-09-15.
How severe is CVE-2020-16098?: Critical severity. CVSS v3 base score is 9.8 out of 10.