CVE-2020-16096
📋 TL;DR
This vulnerability in Gallagher Command Centre allows any operator account to access sensitive data that would be replicated in multi-server environments, including plain text credentials for DVR systems and card details. This affects all Gallagher Command Centre installations with vulnerable versions, potentially exposing physical security systems.
💻 Affected Systems
- Gallagher Command Centre
📦 What is this software?
Command Centre by Gallagher
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain access to plain text credentials for DVR systems and physical access card details, enabling them to compromise physical security systems, disable surveillance, and gain unauthorized physical access to facilities.
Likely Case
Malicious insiders or compromised operator accounts access sensitive data including credentials and card details, potentially leading to physical security breaches and surveillance system compromise.
If Mitigated
With proper access controls and network segmentation, impact is limited to authorized operators only, though sensitive data exposure risk remains.
🎯 Exploit Status
Exploitation requires operator-level access but is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.10.1134(MR4), 8.00.1161(MR5), 7.90.991(MR5), 7.80.960(MR2)
Vendor Advisory: https://security.gallagher.com/Security-Advisories/CVE-2020-16096
Restart Required: Yes
Instructions:
1. Download appropriate patch version from Gallagher support portal.
2. Backup current configuration.
3. Apply patch following Gallagher documentation.
4. Restart Command Centre services.
5. Verify patch installation and functionality.
🔧 Temporary Workarounds
Restrict Operator Access
Limit operator accounts to only necessary personnel and implement least privilege principles.
Network Segmentation
Isolate Command Centre systems from other networks to limit attack surface.
🧯 If You Can't Patch
- Implement strict access controls and audit all operator account activities
- Segment Command Centre systems and monitor for unusual data access patterns
🔍 How to Verify
Check if Vulnerable:
Check Command Centre version in system settings or administration interface against affected version ranges.
Check Version:
Check via Command Centre web interface under System Information or Administration settings.
Verify Fix Applied:
Verify version number matches or exceeds patched versions: 8.10.1134(MR4), 8.00.1161(MR5), 7.90.991(MR5), or 7.80.960(MR2).
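Added example (not Gallagher's tooling and not part of the original page): a per-branch version check for the patched builds listed above, since comparing an installed version against all four numbers at once gives wrong answers across branches. It assumes version strings have the `major.minor.build` shape shown on this page and that a build below the fixed build of its own branch is unpatched; the function names and sample inventory are hypothetical.

```python
import re

# Fixed build per release branch, copied from the patch versions listed above.
PATCHED_BUILD = {(8, 10): 1134, (8, 0): 1161, (7, 90): 991, (7, 80): 960}

# Accepts "8.00.1161" or "8.00.1161(MR5)"; the maintenance-release tag is optional.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*(?:\(MR\d+\))?\s*$")


def parse_version(text):
    """Return (major, minor, build) as integers."""
    match = VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def fix_status(version_text):
    """Return 'patched', 'unpatched' or 'unknown' for one version string.

    The build is compared only with the fixed build of the same branch, so
    8.00.1000 is unpatched even though it is numerically above 7.90.991.
    Branches not listed above are 'unknown' rather than guessed.
    """
    major, minor, build = parse_version(version_text)
    fixed = PATCHED_BUILD.get((major, minor))
    if fixed is None:
        return "unknown"
    return "patched" if build >= fixed else "unpatched"


def audit(inventory):
    """Map each host in {host: version_string} to its fix status."""
    results = {}
    for host, version_text in inventory.items():
        try:
            results[host] = fix_status(version_text)
        except ValueError:
            results[host] = "unparseable"
    return results


if __name__ == "__main__":
    # Constructed inventory; host names and versions are sample values.
    sample = {"cc-a": "8.00.1000", "cc-b": "7.90.991(MR5)", "cc-c": "8.20.100"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` or `unparseable` need a manual check against the vendor advisory rather than being treated as fixed.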
📡 Detection & Monitoring
Log Indicators:
- Unusual operator account accessing replication data or sensitive configuration files
- Multiple failed authentication attempts followed by successful operator login
Network Indicators:
- Unusual data transfers from Command Centre to unauthorized systems
- Traffic patterns indicating data exfiltration
SIEM Query:
source="command_centre" AND (event_type="data_access" OR event_type="replication_access") AND user_role="operator"