CVE-2021-23204
📋 TL;DR
This is an improper authorization flaw in Gallagher Command Centre Server: operators who have not been granted the privilege that is meant to gate OSDP key material can still view it through the operator interface, giving them cryptographic material that protects the controller-to-reader link of the physical access control system. It affects Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3) and 8.30 versions prior to 8.30.1359 (MR3).
💻 Affected Systems
- Gallagher Command Centre Server
📦 What is this software?
Command Centre by Gallagher
⚠️ Risk & Real-World Impact
Worst Case
An operator without the OSDP privilege could read the keys used to secure OSDP communication between controllers and readers. With those keys and physical access to the reader wiring, an insider could decrypt, replay, or forge controller-reader traffic, undermining the secure channel that OSDP is supposed to provide.
Likely Case
An operator with a legitimate, low-privilege Command Centre login views key material that their role was never meant to expose. Even without an attack on the readers, this silently widens the set of people who know the keys and breaks the assumption on which any later key-handling audit rests.
If Mitigated
If operator accounts are already limited to a small, vetted group and their activity is logged, the exposure is confined to staff who are trusted with the system anyway; it is still a violation of least privilege, because the product grants the keys to a role that should not have them.
🎯 Exploit Status
Exploitation requires an authenticated Command Centre operator account; no network-level or unauthenticated path is described. The flaw is an authorization failure in the normal operator interface (the key material is simply displayed to an operator who should not see it), so no memory-corruption or code-execution primitive is involved, and an attacker needs nothing more than a valid login.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.40.1888 (MR3) for 8.40 branch; 8.30.1359 (MR3) for 8.30 branch
Vendor Advisory: https://security.gallagher.com/Security-Advisories/CVE-2021-23204
Restart Required: Yes
Instructions:
1. Download the appropriate patch from the Gallagher support portal.
2. Back up the Command Centre configuration.
3. Apply the patch following Gallagher's installation instructions.
4. Restart the Command Centre Server service.
5. Verify the patch was applied successfully (see How to Verify below).
🔧 Temporary Workarounds
Restrict Operator Access
Limit access to the Command Centre interface to essential personnel only and apply least privilege to operator roles, so that the set of accounts that can reach the affected screens is as small as possible until the fix is installed.
Network Segmentation
Isolate the Command Centre Server from the general network and restrict client connections to authorized management workstations, which reduces the chance of a stolen or shared operator credential being used from an unexpected location.
🧯 If You Can't Patch
- Implement strict access controls and audit logging for all Command Centre operator activities
- Monitor for unusual access patterns to OSDP configuration sections and review operator privilege assignments
🔍 How to Verify
Check if Vulnerable:
Check the Command Centre version in Help > About and compare the third (build) component numerically: 8.40.x with x < 1888, or 8.30.x with x < 1359, is vulnerable. Branches other than 8.30 and 8.40 are not listed in the advisory, so consult the vendor advisory rather than assuming they are safe.
Check Version:
Check via the Command Centre GUI: Help > About. On the server itself the installed product version is also visible in Programs and Features (or the corresponding Uninstall registry key). A product-specific registry value such as HKEY_LOCAL_MACHINE\SOFTWARE\Gallagher\Command Centre\Version may exist, but it is not documented in the advisory, so confirm it on your own installation before relying on it in scripts.
Verify Fix Applied:
Verify that the version shows 8.40.1888 or higher for the 8.40 branch, or 8.30.1359 or higher for the 8.30 branch. Then, using a test operator account that lacks the OSDP privilege, confirm that OSDP key material is no longer visible. Because the flaw disclosed keys rather than corrupting them, patching does not undo a disclosure that may already have happened; if you cannot rule out that an unprivileged operator viewed the keys, treat them as exposed and rotate the OSDP keys after patching.
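The version comparison above is easy to get wrong when done as a string compare ("8.40.999" sorts above "8.40.1888" lexically). The following script is an added example, not Gallagher's code or tooling: it takes the version string shown in Help > About, parses it as major.minor.build (the notation the advisory uses), and applies the fixed-build thresholds from the advisory per branch. Branches the advisory does not list return "unknown" rather than a false "safe". The 8.50 string in the sample run is an illustrative input, not a version the page documents.

```python
"""Version-range check for CVE-2021-23204 (added example, not Gallagher's code).

Fixed builds come from the vendor advisory: 8.40.1888 (MR3) and 8.30.1359 (MR3).
The "major.minor.build" format is assumed from the advisory's own notation.
The script does not probe a live server; feed it the Help > About string.
"""
from typing import Optional

# Fixed build per affected branch, as stated in the advisory.
FIXED_BUILDS = {
    (8, 40): 1888,
    (8, 30): 1359,
}


def parse_version(version: str) -> tuple[int, int, int]:
    """Split '8.40.1888' into (8, 40, 1888); raises ValueError on bad input."""
    parts = version.strip().split(".")
    if len(parts) < 3:
        raise ValueError(f"expected major.minor.build, got {version!r}")
    major, minor, build = (int(p) for p in parts[:3])
    return major, minor, build


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the build is below its branch's fixed build, False if at or above,
    None if the branch is not one the advisory lists (e.g. an illustrative 8.50),
    in which case the advisory, not this script, has to be consulted."""
    major, minor, build = parse_version(version)
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return None
    # Numeric comparison on purpose: a naive string compare ranks "8.40.999"
    # above "8.40.1888" and would report a vulnerable build as fixed.
    return build < fixed


def classify(version: str) -> str:
    """Human-readable verdict for someone running the check by hand."""
    verdict = is_vulnerable(version)
    if verdict is None:
        return f"{version}: branch not covered by the CVE-2021-23204 advisory, check vendor guidance"
    if verdict:
        major, minor, _ = parse_version(version)
        return f"{version}: VULNERABLE, update to {major}.{minor}.{FIXED_BUILDS[(major, minor)]} or later"
    return f"{version}: fixed build or later"


if __name__ == "__main__":
    # Constructed sample inputs; 8.50.1 is illustrative only.
    for v in ("8.40.1753", "8.40.999", "8.40.1888", "8.30.1200", "8.30.1359", "8.50.1"):
        print(classify(v))
```

Run it on the exact string from Help > About; the build component is compared as an integer, and any branch outside 8.30/8.40 is deliberately reported as uncovered rather than as safe.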
📡 Detection & Monitoring
Log Indicators:
- Unusual access to OSDP configuration sections
- Multiple failed authentication attempts followed by successful login
- Operator account accessing sensitive configuration areas
Network Indicators:
- Unusual network traffic patterns to/from Command Centre Server
- Access from unauthorized IP addresses
SIEM Query:
source="command-centre-logs" AND ((event_type="config_access" AND config_section="osdp") OR (event_type="auth_success" AND NOT src_ip IN known_operator_ips))
This is a pseudo-query, not syntax for a specific SIEM: the field names are illustrative and must be mapped to whatever your Command Centre log export or forwarder actually produces, and the OSDP-access clause should be narrowed to operators who are not expected to manage OSDP keys, otherwise it alerts on routine administration.
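To show what the two clauses of the pseudo-query mean in practice, here is the same detection logic as a standalone script run over a handful of constructed events. This is an added example, not code from Gallagher or from the original page: the JSON event schema (fields ts, event_type, operator, config_section, src_ip), the operator names, the OSDP admin allow-list and the per-operator known-IP baseline are all assumptions, chosen only so the rules have something to run against.

```python
"""Detection logic for the two SIEM clauses above, over constructed events.

Added example; the event schema is assumed, not Gallagher's log format.
Rule 1: config_access to the 'osdp' section by an operator who is not on the
        allow-list of operators expected to manage OSDP keys.
Rule 2: auth_success from a source IP not previously seen for that operator.
"""
import json

# Assumed allow-list of operators who legitimately manage OSDP keys.
OSDP_ADMINS = {"alice"}

# Assumed baseline of source IPs previously seen per operator.
KNOWN_IPS = {"alice": {"10.0.5.10"}, "bob": {"10.0.5.22"}}

# Constructed sample events (one JSON object per line, assumed schema).
SAMPLE_LOG = """
{"ts":"2021-09-01T08:00:01Z","event_type":"auth_success","operator":"alice","src_ip":"10.0.5.10"}
{"ts":"2021-09-01T08:02:10Z","event_type":"config_access","operator":"alice","config_section":"osdp","src_ip":"10.0.5.10"}
{"ts":"2021-09-01T08:15:00Z","event_type":"auth_success","operator":"bob","src_ip":"10.0.5.22"}
{"ts":"2021-09-01T08:16:30Z","event_type":"config_access","operator":"bob","config_section":"schedules","src_ip":"10.0.5.22"}
{"ts":"2021-09-01T08:17:45Z","event_type":"config_access","operator":"bob","config_section":"osdp","src_ip":"10.0.5.22"}
not-json-garbage-line
{"ts":"2021-09-01T21:40:00Z","event_type":"auth_success","operator":"bob","src_ip":"203.0.113.7"}
"""


def parse_events(raw: str) -> list[dict]:
    """One JSON object per non-empty line; malformed lines are skipped so a
    single bad record does not abort the whole run."""
    events = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def detect(events: list[dict], osdp_admins: set, known_ips: dict) -> list[dict]:
    """Apply both rules in event order and return the alerts raised."""
    alerts = []
    # Copy the baseline so the caller's dict is not mutated.
    seen = {op: set(ips) for op, ips in known_ips.items()}
    for ev in events:
        op = ev.get("operator", "<unknown>")
        etype = ev.get("event_type")
        if (etype == "config_access" and ev.get("config_section") == "osdp"
                and op not in osdp_admins):
            alerts.append({"rule": "osdp_config_access_unexpected_operator",
                           "operator": op, "ts": ev.get("ts"), "src_ip": ev.get("src_ip")})
        elif etype == "auth_success":
            ip = ev.get("src_ip")
            ops_ips = seen.setdefault(op, set())
            if ip not in ops_ips:
                alerts.append({"rule": "auth_success_new_source_ip",
                               "operator": op, "ts": ev.get("ts"), "src_ip": ip})
                # Alert once per new IP, then treat it as seen for this operator.
                ops_ips.add(ip)
    return alerts


def run_sample() -> list[dict]:
    """Run the detector over the constructed sample log."""
    return detect(parse_events(SAMPLE_LOG), OSDP_ADMINS, KNOWN_IPS)


if __name__ == "__main__":
    for alert in run_sample():
        print(json.dumps(alert))
```

On the sample, alice's OSDP access is silent because she is on the allow-list, bob's access to the schedules section is silent because it is not the OSDP section, and two alerts fire: bob reading the OSDP section and bob's later login from 203.0.113.7. The allow-list is what keeps the first rule from paging on routine work; without it the rule degenerates into "anyone opened the OSDP screen", which is exactly the noise the pseudo-query produces as written.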