CVE-2020-16102
📋 TL;DR
An unauthenticated remote attacker can exploit improper authentication in Gallagher Command Centre Server to create items with invalid configuration, which can crash the server and prevent it from restarting. Affected versions are Gallagher Command Centre 7.90 and prior, and 8.x versions up to 8.30 before 8.30.1299(MR2) (see Fix & Mitigation for the fixed build on each 8.x branch). Organizations using these versions for physical security management are at risk.
💻 Affected Systems
- Gallagher Command Centre Server
📦 What is this software?
Command Centre by Gallagher
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service where the Command Centre server crashes and cannot restart, disabling physical access control systems including door locks, alarms, and surveillance integration.
Likely Case
Service disruption requiring manual intervention to restart servers, potentially causing temporary loss of physical security monitoring and control capabilities.
If Mitigated
Limited impact if servers are behind firewalls with restricted network access and proper authentication controls are implemented.
🎯 Exploit Status
The vulnerability is in the authentication mechanism (CWE-287), allowing unauthenticated attackers to bypass authentication checks when creating items with invalid configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.30.1299(MR2), 8.20.1218(MR4), 8.10.1253(MR6), 8.00.1252(MR7), or later versions
Vendor Advisory: https://security.gallagher.com/Security-Advisories/CVE-2020-16102
Restart Required: Yes
Instructions:
1. Download the appropriate patch from the Gallagher support portal.
2. Back up the current configuration and database.
3. Apply the patch following Gallagher's installation guide.
4. Restart the Command Centre Server service.
5. Verify the server is running and accessible.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to the Command Centre Server to trusted management networks and required client systems only.
Configure firewall rules to allow only specific IP addresses/subnets to access Command Centre Server ports (typically 8080, 8443)
Authentication Proxy
Place an authentication proxy or reverse proxy in front of the Command Centre Server so that requests must authenticate before they reach the vulnerable endpoint.
Example nginx reverse-proxy location with basic authentication (the upstream host name and port are placeholders):

```nginx
location /commandcentre {
    proxy_pass http://commandcentre:8080;
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;
}
```

This only helps if direct access to the server's own ports is blocked at the firewall, so that clients cannot bypass the proxy.
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can communicate with the Command Centre Server
- Monitor server logs for unexpected item creation attempts and implement alerting for server restart events
🔍 How to Verify
Check if Vulnerable:
Check Command Centre Server version via the web interface (Help > About) or Windows Services console. Compare against affected version ranges.
Check Version:
In Command Centre web interface: navigate to Help > About, or check Windows Services for Gallagher Command Centre version
Verify Fix Applied:
Verify the version is 8.30.1299(MR2) or later, 8.20.1218(MR4) or later, 8.10.1253(MR6) or later, or 8.00.1252(MR7) or later. Test that the server remains stable when receiving malformed item creation requests (do this against a test instance, not production, since an unpatched server will crash).
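A small version-check helper for the comparison above, added here as example code (not from the page or from Gallagher): it parses a Command Centre version string such as 8.30.1299(MR2) and reports whether it falls in the affected range using the fixed builds listed under Official Fix. It assumes builds on branches newer than 8.30 are outside the affected range and that branches with no listed fixed build (7.90 and prior) are all affected.

```python
import re

# Earliest fixed build per release branch, taken from the Official Fix section.
# Branches with no entry (7.90 and prior) have no fixed build, so every build is affected.
FIXED_BUILDS = {
    (8, 30): 1299,  # 8.30.1299 (MR2)
    (8, 20): 1218,  # 8.20.1218 (MR4)
    (8, 10): 1253,  # 8.10.1253 (MR6)
    (8, 0): 1252,   # 8.00.1252 (MR7)
}
LAST_AFFECTED_BRANCH = (8, 30)  # assumption: anything newer is outside the affected range

# major.minor.build with an optional "(MRn)" suffix, e.g. "8.30.1299(MR2)"
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*(?:\(MR\d+\))?\s*$")


def parse_version(text):
    """Return (major, minor, build) for a Command Centre version string."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Command Centre version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(text):
    """True if the given server version is in the CVE-2020-16102 affected range."""
    major, minor, build = parse_version(text)
    branch = (major, minor)
    if branch > LAST_AFFECTED_BRANCH:
        return False
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return True  # no fixed build on this branch: move to a fixed 8.x build
    return build < fixed


def remediation(text):
    """One-line verdict suitable for an inventory report."""
    if not is_vulnerable(text):
        return f"{text}: not affected"
    major, minor, _ = parse_version(text)
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return f"{text}: affected, no fixed build on this branch; upgrade to a fixed 8.x build"
    return f"{text}: affected, update to {major}.{minor:02d}.{fixed} or later"


if __name__ == "__main__":
    # Constructed sample versions, not real inventory data
    for v in ("8.30.1298", "8.30.1299(MR2)", "8.20.1217", "7.90.1100", "8.40.1000"):
        print(remediation(v))
```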
📡 Detection & Monitoring
Log Indicators:
- Unexpected server crashes or restarts
- Failed authentication attempts followed by item creation requests
- Error logs containing invalid configuration parsing errors
Network Indicators:
- Unusual traffic patterns to Command Centre Server from unexpected sources
- Multiple item creation requests from single IP addresses
SIEM Query:
(source="commandcentre.log" AND ("crash" OR "restart" OR "invalid configuration")) OR (source="firewall.log" AND dest_port=8080 AND NOT src_ip IN [trusted_ips])