CVE-2021-23146

7.1 HIGH

📋 TL;DR

This vulnerability allows attackers to bypass PIV (Personal Identity Verification) authentication in Gallagher Command Centre security systems by exploiting an incomplete comparison mechanism. It affects Gallagher Command Centre versions 8.40 prior to 8.40.1888, 8.30 prior to 8.30.1359, 8.20 prior to 8.20.1259, 8.10 prior to 8.10.1284, and all 8.00 and earlier versions. Organizations using these systems for physical access control are at risk.

💻 Affected Systems

Products:
  • Gallagher Command Centre
Versions: 8.40 prior to 8.40.1888, 8.30 prior to 8.30.1359, 8.20 prior to 8.20.1259, 8.10 prior to 8.10.1284, 8.00 and all earlier versions
Operating Systems: Windows Server (typically)
Default Config Vulnerable: ⚠️ Yes
Notes: Systems using PIV authentication for access control are vulnerable. The vulnerability exists in the controller software itself.

📦 What is this software?

Gallagher Command Centre is a physical access control and security management platform; the affected component is the controller software that performs PIV card authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain unauthorized physical access to secure facilities by bypassing PIV card authentication, potentially compromising sensitive areas, assets, or personnel.

🟠 Likely Case

Unauthorized individuals bypass PIV verification to access restricted areas they should not have access to, violating physical security controls.

🟢 If Mitigated

With proper network segmentation and monitoring, unauthorized access attempts can be detected and contained before physical access is achieved.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of PIV verification mechanisms and access to the authentication process. No public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.40.1888 (MR3), 8.30.1359 (MR3), 8.20.1259 (MR5), 8.10.1284 (MR7)

Vendor Advisory: https://security.gallagher.com/Security-Advisories/CVE-2021-23146

Restart Required: Yes

Instructions:

1. Download the appropriate patch from the Gallagher support portal.
2. Back up the current configuration.
3. Apply the patch following Gallagher's installation guide.
4. Restart the Command Centre server.
5. Verify that PIV authentication is functioning correctly.

🔧 Temporary Workarounds

Temporary PIV Disablement

Applies to: all affected versions

Disable PIV authentication temporarily and use alternative authentication methods until patching can be completed.

🧯 If You Can't Patch

  • Implement additional physical security controls (guards, secondary authentication) at vulnerable access points
  • Increase monitoring and logging of access control events to detect unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check the Command Centre version in the administration interface. If the version is 8.40 prior to 8.40.1888, 8.30 prior to 8.30.1359, 8.20 prior to 8.20.1259, 8.10 prior to 8.10.1284, or any 8.00 or earlier version, the system is vulnerable.

Check Version:

Check via the Gallagher Command Centre admin interface under the System Information or About section.

Verify Fix Applied:

After patching, verify that the version shows as patched (e.g., 8.40.1888 or higher). Test PIV authentication with known good and known bad credentials to confirm that verification rejects the bad ones.

📡 Detection & Monitoring

Log Indicators:

  • Failed PIV authentication attempts followed by successful access
  • Unusual patterns of PIV card usage
  • Access events from unexpected locations or times

Network Indicators:

  • Unusual authentication traffic patterns to the Command Centre server
  • Multiple authentication attempts in short timeframes

SIEM Query:

source="gallagher_command_centre" AND (event_type="authentication" AND result="success") AND (previous_event="authentication_failure" within 5 minutes)
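The correlation the SIEM query above expresses, as an added example that is not part of this advisory or of any Gallagher product: it flags a successful authentication preceded by a failure on the same card and door within five minutes. The log format and event values are constructed for the example; real Command Centre exports will need their own parser.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real Command Centre output): timestamp card door result
SAMPLE_LOG = """\
2021-06-01T08:00:05 card=PIV-1001 door=ServerRoom result=failure
2021-06-01T08:01:10 card=PIV-1001 door=ServerRoom result=success
2021-06-01T09:30:00 card=PIV-2002 door=Lobby result=success
2021-06-01T10:00:00 card=PIV-3003 door=Vault result=failure
2021-06-01T10:20:00 card=PIV-3003 door=Vault result=success
"""

def parse_events(text):
    """Parse 'timestamp key=value ...' lines into dicts with a datetime 'time' field."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["time"] = datetime.fromisoformat(ts)
        events.append(ev)
    return events

def failure_then_success(events, window=timedelta(minutes=5)):
    """Return (card, door, failure_time, success_time) for every success that
    follows a failure on the same card and door within the window."""
    last_failure = {}   # (card, door) -> time of most recent failure
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["card"], ev["door"])
        if ev["result"] == "failure":
            last_failure[key] = ev["time"]
        elif ev["result"] == "success":
            t_fail = last_failure.pop(key, None)
            if t_fail is not None and ev["time"] - t_fail <= window:
                hits.append((ev["card"], ev["door"], t_fail, ev["time"]))
    return hits

if __name__ == "__main__":
    for card, door, t_fail, t_ok in failure_then_success(parse_events(SAMPLE_LOG)):
        print(f"{card} at {door}: failure {t_fail:%H:%M:%S} then success {t_ok:%H:%M:%S}")
```

The PIV-3003 pair is deliberately 20 minutes apart and is not flagged; tune the window to the door's normal retry behaviour before alerting on it.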
