CVE-2021-23140

9.9 CRITICAL

📋 TL;DR

This vulnerability allows unauthorized Command Centre Operators to modify command line macros in Gallagher Command Centre Server, potentially executing arbitrary commands. It affects Gallagher Command Centre versions 8.10 and prior, 8.20 before 8.20.1259 (MR5), 8.30 before 8.30.1359 (MR3), and 8.40 before 8.40.1888 (MR3).

💻 Affected Systems

Products:
  • Gallagher Command Centre Server
Versions: 8.10 and prior, 8.20 before 8.20.1259 (MR5), 8.30 before 8.30.1359 (MR3), 8.40 before 8.40.1888 (MR3)
Operating Systems: Windows Server (typically)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Command Centre Server installations with operator accounts; physical access control systems may be impacted.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands with server privileges, potentially gaining full control over the physical security system.

🟠 Likely Case

Unauthorized operators gaining elevated privileges to modify system configurations, execute commands, or disrupt security operations.

🟢 If Mitigated

Limited impact if proper access controls and network segmentation are implemented, restricting unauthorized operator access.

🌐 Internet-Facing: HIGH if exposed to internet without proper controls, as it could allow remote attackers to compromise the security system.
🏢 Internal Only: HIGH as internal unauthorized operators could exploit this to gain elevated privileges and compromise the security infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires operator-level access but no authentication bypass; exploitation is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.40.1888 (MR3), 8.30.1359 (MR3), 8.20.1259 (MR5)

Vendor Advisory: https://security.gallagher.com/Security-Advisories/CVE-2021-23140

Restart Required: Yes

Instructions:

1. Download the appropriate patch from the Gallagher support portal.
2. Back up the system configuration.
3. Apply the patch following the Gallagher installation guide.
4. Restart the Command Centre Server services.

🔧 Temporary Workarounds

Restrict Operator Access (applies to: all versions)

Limit operator accounts to only trusted personnel and implement least privilege access controls.

Network Segmentation (applies to: all versions)

Isolate Command Centre Server from untrusted networks and implement strict firewall rules.

🧯 If You Can't Patch

  • Implement strict access controls and audit all operator activities regularly.
  • Segment the network to isolate Command Centre Server and monitor for suspicious macro modifications.

🔍 How to Verify

Check if Vulnerable:

Check the Command Centre version in the administration console or via the version file in the installation directory, and compare it against the affected ranges listed above.

Check Version:

Check 'Help > About' in Command Centre GUI or examine version.txt in installation folder.

Verify Fix Applied:

Verify that the version has been updated to the patched build for its branch, then test that operators without the required privilege can no longer modify command line macros.
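As an added example (not from the advisory or from Gallagher), the following Python encodes the affected ranges listed above so that a version string read from 'Help > About' or version.txt can be classified; branches newer than 8.40 are assumed unaffected because the advisory does not list them, and a version with no build number is treated conservatively as the lowest build of its branch.

```python
"""Version check for CVE-2021-23140 (Gallagher Command Centre Server).

Added example, not from the advisory: encodes the affected ranges the
advisory lists so an installed version string can be classified.
"""
from typing import Tuple

# Branch -> first fixed build, taken from the advisory. Branches 8.10 and
# earlier have no fixed build; branches newer than 8.40 are not listed in
# the advisory and are assumed unaffected (an assumption of this example).
FIXED_BUILDS = {
    (8, 20): (8, 20, 1259),  # 8.20.1259 (MR5)
    (8, 30): (8, 30, 1359),  # 8.30.1359 (MR3)
    (8, 40): (8, 40, 1888),  # 8.40.1888 (MR3)
}
LAST_UNFIXED_BRANCH = (8, 10)  # "8.10 and prior": every build affected


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse 'major.minor[.build[.extra]]' into ints; ValueError on junk."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str) -> bool:
    """True if the Command Centre Server version is in an affected range."""
    v = parse_version(version)
    branch = (v[0], v[1])
    if branch <= LAST_UNFIXED_BRANCH:
        return True  # 8.10 and prior: no fixed build exists
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return False  # branch not listed as affected by the advisory
    # A missing build number is treated as build 0, i.e. vulnerable,
    # so an incomplete version string never reads as "patched".
    build = v[2] if len(v) > 2 else 0
    return (v[0], v[1], build) < fixed
```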

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized macro modification attempts in Command Centre logs
  • Unexpected command execution events

Network Indicators:

  • Unusual network traffic from Command Centre Server to unexpected destinations

SIEM Query:

source="command_centre" AND (event="macro_modification" OR event="command_execution") AND user NOT IN authorized_operators
