CVE-2022-26348
📋 TL;DR
This SQL injection vulnerability in Gallagher Command Centre Server allows attackers to execute arbitrary SQL queries via Windows Registry settings for date fields. Attackers can exploit this through the Visitor Management Kiosk application to extract sensitive information from the database. Affected systems include Gallagher Command Centre versions 8.60 prior to 8.60.1652, 8.50 prior to 8.50.2245, 8.40 prior to 8.40.2216, 8.30 prior to 8.30.1470, and all 8.20 and earlier versions.
💻 Affected Systems
- Gallagher Command Centre Server
📦 What is this software?
Command Centre by Gallagher
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including extraction of sensitive credentials, access control data, and system configuration, potentially leading to full system takeover.
Likely Case
Unauthorized data extraction from the Command Centre database, including visitor logs, user information, and system configuration data.
If Mitigated
Limited or no data exposure if proper input validation and registry access controls are implemented.
🎯 Exploit Status
Requires access to Visitor Management Kiosk and ability to modify Windows Registry settings. SQL injection occurs via date field parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.60.1652, 8.50.2245, 8.40.2216, 8.30.1470
Vendor Advisory: https://security.gallagher.com/Security-Advisories/CVE-2022-26348
Restart Required: Yes
Instructions:
1. Download the appropriate patch version from the Gallagher support portal.
2. Back up the system and database.
3. Install the patch following Gallagher documentation.
4. Restart Command Centre services.
5. Verify installation and functionality.
🔧 Temporary Workarounds
Restrict Registry Access
Limit Windows Registry permissions to prevent unauthorized modifications to Command Centre settings.
regedit -> Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Gallagher\Command Centre -> Right-click -> Permissions -> Restrict access to authorized administrators only
Network Segmentation
Isolate Visitor Management Kiosk systems from Command Centre servers using network segmentation.
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries for all database interactions
- Deploy web application firewall (WAF) with SQL injection protection rules
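The root cause described above is a date setting that reaches the SQL text unvalidated. The following added example (not Gallagher's code; the table, column names and data are constructed) shows the vulnerable pattern of splicing a date setting into a query beside the hardened form that validates the value as a calendar date and binds it as a parameter:

```python
import re
import sqlite3
from datetime import date

ISO_DATE = re.compile(r"^\d{4}-\d{2}-\d{2}$")


def build_db():
    # Constructed stand-in for a visitor table; not the Command Centre schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE visitors (name TEXT, visit_date TEXT)")
    conn.executemany(
        "INSERT INTO visitors VALUES (?, ?)",
        [("alice", "2022-03-01"), ("bob", "2022-03-02"), ("carol", "2022-03-03")],
    )
    return conn


def visitors_since_vulnerable(conn, since):
    # Before: the setting (an attacker-controllable string) becomes part of the SQL
    # text, so quote characters and keywords in it are parsed as SQL, not as data.
    sql = f"SELECT name FROM visitors WHERE visit_date >= '{since}'"
    return [row[0] for row in conn.execute(sql)]


def parse_date_setting(value):
    # Hardened step 1: accept only a well-formed ISO date; date.fromisoformat
    # additionally rejects impossible dates such as 2022-13-45.
    if not isinstance(value, str) or not ISO_DATE.match(value):
        raise ValueError(f"rejected date setting: {value!r}")
    return date.fromisoformat(value)


def visitors_since_hardened(conn, since):
    # Hardened step 2: the validated value travels as a bound parameter, never
    # concatenated into the statement, so the SQL shape is fixed at write time.
    d = parse_date_setting(since)
    sql = "SELECT name FROM visitors WHERE visit_date >= ?"
    return [row[0] for row in conn.execute(sql, (d.isoformat(),))]


def reaches_sql_parser(conn, value):
    # Shows the difference: a stray quote in the setting is a SQL error in the
    # vulnerable path (it was parsed as SQL) but a plain rejected value in the
    # hardened path (it never reached the database).
    try:
        visitors_since_vulnerable(conn, value)
        return False
    except sqlite3.Error:
        return True


if __name__ == "__main__":
    db = build_db()
    print(visitors_since_hardened(db, "2022-03-02"))
    print("stray quote reached SQL parser:", reaches_sql_parser(db, "2022-03-02'"))
```

Validation and parameterization belong together: the regex alone would still allow a malformed query shape if the value were concatenated, and parameters alone would still let a nonsense date through to the application logic.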
🔍 How to Verify
Check if Vulnerable:
Check the Command Centre version via Control Panel -> Programs and Features, or with the 'gallagher version' command if your installation provides one.
Check Version:
Check Windows Registry at HKEY_LOCAL_MACHINE\SOFTWARE\Gallagher\Command Centre for version information or use system documentation.
Verify Fix Applied:
Verify installed version matches or exceeds patched versions: 8.60.1652, 8.50.2245, 8.40.2216, or 8.30.1470.
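Because the fixed build differs per branch, a plain "version >= X" comparison is not enough. The added example below (not a Gallagher tool) encodes the advisory's branch table and reports whether a given version string falls in the affected range; it assumes the version is a dotted major.minor.build string as the patch versions above are written, and treats a missing build number conservatively as build 0:

```python
# Fixed builds per branch, taken from the advisory text on this page.
FIXED_BUILDS = {
    (8, 60): (8, 60, 1652),
    (8, 50): (8, 50, 2245),
    (8, 40): (8, 40, 2216),
    (8, 30): (8, 30, 1470),
}
# Every branch below 8.30 (8.20 and earlier) is affected with no fixed build.
OLDEST_FIXED_BRANCH = (8, 30)


def parse_version(text):
    """Turn '8.60.1652' into (8, 60, 1652); a missing build is taken as 0."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in parts[:3])
    return nums + (0,) * (3 - len(nums))


def is_vulnerable(text):
    """True if the version is inside the affected range stated in the advisory."""
    v = parse_version(text)
    branch = v[:2]
    if branch in FIXED_BUILDS:
        return v < FIXED_BUILDS[branch]
    if branch < OLDEST_FIXED_BRANCH:
        return True
    # Branches newer than the advisory covers (8.70 and up) are not listed as
    # affected; the advisory should be re-read if such a branch is in use.
    return False


def fixed_build_for(text):
    """The first fixed build in this version's branch, or None if none exists."""
    return FIXED_BUILDS.get(parse_version(text)[:2])


if __name__ == "__main__":
    for sample in ("8.60.1651", "8.60.1652", "8.50.2245", "8.20.500", "8.40"):
        state = "VULNERABLE" if is_vulnerable(sample) else "fixed / not affected"
        print(f"{sample:>10}: {state}")
```

Feed it the version read from Programs and Features or the registry key named above; the comparison is tuple-wise, so 8.60.2000 correctly ranks above 8.60.1652 even though "2000" sorts before "1652" as text.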
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL query patterns in database logs
- Multiple failed login attempts from kiosk systems
- Registry modification events for Gallagher keys
Network Indicators:
- Unusual database connection patterns from kiosk systems
- Large data transfers from Command Centre database
SIEM Query:
source="database_logs" AND (query="*SELECT*FROM*" OR query="*UNION*SELECT*") AND src_ip="kiosk_network"
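The SIEM query above uses a placeholder for the kiosk network and wildcard matches on the query text. The added example below (not part of the advisory) applies the same two indicators, SELECT...FROM and UNION...SELECT from kiosk addresses plus registry changes under the Gallagher key, to constructed sample log lines in a simple key=value format; the log format, the 10.20.5.0/24 kiosk subnet and the event names are assumptions:

```python
import ipaddress
import re

# Assumed kiosk VLAN; replace with the real kiosk address range.
KIOSK_NETWORK = ipaddress.ip_network("10.20.5.0/24")

# Constructed sample database log lines (not a real Command Centre log format).
SAMPLE_DB_LOGS = [
    '2022-04-01T09:00:01 src_ip=10.20.5.14 user=kioskSvc query="SELECT name FROM visitors WHERE visit_date >= \'2022-04-01\'"',
    '2022-04-01T09:00:03 src_ip=10.20.5.14 user=kioskSvc query="SELECT 1"',
    '2022-04-01T09:00:07 src_ip=10.20.5.14 user=kioskSvc query="SELECT name FROM visitors WHERE visit_date >= \'\' UNION SELECT value FROM settings"',
    '2022-04-01T09:01:00 src_ip=10.0.0.5 user=admin query="SELECT * FROM operators"',
]

# Constructed sample Windows registry audit lines.
SAMPLE_REGISTRY_LOGS = [
    r'2022-04-01T08:58:40 event=RegistryValueSet host=kiosk01 user=kiosk01\guest key="HKEY_LOCAL_MACHINE\SOFTWARE\Gallagher\Command Centre"',
    r'2022-04-01T08:59:10 event=RegistryValueSet host=kiosk01 user=SYSTEM key="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"',
]

FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
SELECT_FROM = re.compile(r"SELECT.*FROM", re.IGNORECASE)    # query="*SELECT*FROM*"
UNION_SELECT = re.compile(r"UNION.*SELECT", re.IGNORECASE)  # query="*UNION*SELECT*"
GALLAGHER_KEY = r"hkey_local_machine\software\gallagher"


def parse_line(line):
    """Split 'timestamp k=v k="quoted v"' into a dict; timestamp lands under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": ts}
    for m in FIELD_RE.finditer(rest):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    return fields


def suspicious_db_events(lines):
    """Return (ts, indicator, query) for kiosk-sourced queries matching the SIEM patterns."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        try:
            src = ipaddress.ip_address(ev.get("src_ip", ""))
        except ValueError:
            continue
        if src not in KIOSK_NETWORK:
            continue
        q = ev.get("query", "")
        if UNION_SELECT.search(q):
            hits.append((ev["ts"], "union_select", q))
        elif SELECT_FROM.search(q):
            hits.append((ev["ts"], "select_from", q))
    return hits


def gallagher_registry_changes(lines):
    """Return (ts, user, key) for registry events touching the Gallagher key tree."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        key = ev.get("key", "")
        if key.lower().startswith(GALLAGHER_KEY):
            hits.append((ev["ts"], ev.get("user", "?"), key))
    return hits


if __name__ == "__main__":
    for hit in suspicious_db_events(SAMPLE_DB_LOGS):
        print("DB  ", hit)
    for hit in gallagher_registry_changes(SAMPLE_REGISTRY_LOGS):
        print("REG ", hit)
```

Note that the select_from indicator fires on every ordinary kiosk query, exactly as the page's SIEM query would, so in practice it is only useful against a baseline of the kiosk's normal statements; the union_select indicator and a registry write to the Gallagher key from a non-administrative account are the higher-signal events to alert on.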