CVE-2024-21815
📋 TL;DR
Gallagher Command Centre stores the credentials it uses for third-party DVR integrations with insufficient protection, so any authenticated Command Centre user, with no elevated privilege, can read them and then log in to the DVR systems directly. Affected: 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), and all releases 8.60 and earlier.
💻 Affected Systems
- Gallagher Command Centre
📦 What is this software?
Command Centre by Gallagher: a physical access control and site security management platform. Its third-party DVR integrations let operators view recorded and live video from external video recorders alongside access events, which is why Command Centre stores login credentials for those DVRs.
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full control of integrated DVR systems, potentially accessing sensitive video footage, manipulating recordings, or using DVRs as pivot points into other systems.
Likely Case
Unauthorized users access DVR credentials, leading to surveillance system compromise, privacy violations, and potential physical security bypass.
If Mitigated
If DVRs accept management connections only from the Command Centre server and user accounts are kept to a minimum, a user who reads the credentials still cannot reach the DVRs with them; impact is limited to the credential exposure itself. Those credentials should still be treated as compromised and rotated once the patch is applied.
🎯 Exploit Status
Exploitation requires a valid Command Centre login but no elevated privilege or special operator role; once authenticated, reading the stored DVR credentials is straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version:
- 9.00: vEL9.00.1774 (MR2)
- 8.90: vEL8.90.1751 (MR3)
- 8.80: vEL8.80.1526 (MR4)
- 8.70: vEL8.70.2526 (MR6)
- 8.60 and earlier: no patch; upgrade to one of the fixed builds above
Vendor Advisory: https://security.gallagher.com/Security-Advisories/CVE-2024-21815
Restart Required: Yes
Instructions:
1. Back up the system configuration.
2. Download the patch build for your branch from the Gallagher support portal.
3. Apply the patch following Gallagher's upgrade procedures.
4. Restart the Command Centre services.
5. Verify the installed build number and system functionality.
6. Rotate the DVR integration credentials on the DVRs and in Command Centre: they were readable by any authenticated user before the patch, so treat them as exposed.
🔧 Temporary Workarounds
Restrict User Access
Limit Command Centre user accounts to personnel who need them, remove stale or shared accounts, and apply least-privilege access controls. This reduces who can exploit the issue but does not remove it, since any remaining authenticated user still can.
Network Segmentation
Isolate the Command Centre server and the DVR systems on their own network segments, with firewall rules that allow the DVR management and API ports only from the Command Centre server. A user who reads the credentials then still cannot reach the DVRs from a workstation.
🧯 If You Can't Patch
- Implement strict access controls and audit every account with Command Centre access, removing any that are not needed.
- Disconnect or disable third-party DVR integrations until patching is possible, and remove the stored credentials.
- If an integration must stay enabled, give Command Centre a dedicated DVR account with only the rights the integration needs, so the exposed credential is not a DVR administrator login, and rotate it after patching.
🔍 How to Verify
Check if Vulnerable:
Compare the installed build against the affected ranges above, then check whether any third-party DVR integration is configured: the stored integration credentials are the only thing exposed, so an affected build with no DVR integrations has nothing for an unprivileged user to read.
Check Version:
Read the installed build number (the vEL-prefixed version string) in the Command Centre interface under System Information, or with Gallagher's diagnostic tools.
Verify Fix Applied:
Confirm the installed build is at or above the fixed build for its branch, then log in with a low-privileged account and confirm the DVR integration credentials are no longer readable. Also confirm the credentials were rotated, since they were exposed before the patch.
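The version check above, as an added example (not Gallagher's code or tooling): it parses a vEL-style build string, compares it against the fixed builds listed in the advisory, and combines that with whether DVR integrations are configured. The major.minor.build layout of the version string and the assess() wording are assumptions for the example.

```python
import re
from typing import Tuple

# Earliest fixed build per branch, from the vendor advisory for CVE-2024-21815:
# vEL9.00.1774 (MR2), vEL8.90.1751 (MR3), vEL8.80.1526 (MR4), vEL8.70.2526 (MR6).
# Branches 8.60 and earlier have no fixed build and must be upgraded.
FIXED_BUILDS = {
    (9, 0): 1774,
    (8, 90): 1751,
    (8, 80): 1526,
    (8, 70): 2526,
}
LAST_UNPATCHABLE_BRANCH = (8, 60)

# Accepts "vEL8.90.1751" or a bare "8.90.1751". Treating the string as
# major.minor.build is an assumption made for this example.
_VERSION_RE = re.compile(r"^(?:vEL)?(\d+)\.(\d+)\.(\d+)$")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Return (major, minor, build) from a Command Centre version string."""
    m = _VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised Command Centre version: {version!r}")
    major, minor, build = (int(x) for x in m.groups())
    return major, minor, build


def is_affected_version(version: str) -> bool:
    """True if the build falls inside an affected range for CVE-2024-21815."""
    major, minor, build = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_BUILDS:
        # Listed branch: affected only below the fixed build.
        return build < FIXED_BUILDS[branch]
    if branch <= LAST_UNPATCHABLE_BRANCH:
        # 8.60 and everything older: every build is affected.
        return True
    # A branch newer than 9.00 is not in the advisory's affected list.
    return False


def assess(version: str, dvr_integrations_configured: bool) -> str:
    """Combine the version check with whether DVR credentials are actually stored."""
    if not is_affected_version(version):
        return "not affected"
    if dvr_integrations_configured:
        return "vulnerable"
    return "affected build, no DVR credentials stored"


if __name__ == "__main__":
    for v, dvr in [("vEL8.80.1500", True), ("vEL8.80.1526", True), ("vEL8.60.2000", False)]:
        print(v, "->", assess(v, dvr))
```

Run it against the build string read from System Information; "affected build, no DVR credentials stored" still means the server should be patched before any DVR integration is added.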
📡 Detection & Monitoring
Log Indicators:
- Low-privileged Command Centre accounts viewing or exporting DVR integration configuration they have no operational need for
- On the DVRs: a burst of failed logins from one source followed by a successful login from the same source
Network Indicators:
- DVR logins using the Command Centre integration account from any host other than the Command Centre server
- Connections to DVR management or API ports from user workstations or VLANs rather than from the Command Centre server
SIEM Query:
source="command_centre" AND (event_type="credential_access" OR (user_privilege="low" AND resource="dvr_credentials"))
The field names and values above are placeholders; map them to the event fields your Command Centre log forwarding and SIEM actually produce before relying on the query.
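The two DVR-side indicators above (the integration account authenticating from somewhere other than the Command Centre server, and a successful login after a burst of failures), run over constructed log lines as an added example. The key=value log format, the hosts (10.10.1.5 as the Command Centre server) and the account name ccsvc are assumptions for this example, not Gallagher or DVR vendor output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed DVR authentication log in an assumed "ts dvr auth k=v ..." style.
# ccsvc is the account Command Centre uses for the integration (assumption);
# 10.10.1.5 is the Command Centre server; 10.20.7.33 is a user workstation.
SAMPLE_LOG = [
    "2024-03-05T10:01:12Z dvr01 auth user=ccsvc src=10.10.1.5 result=success",
    "2024-03-05T10:07:44Z dvr01 auth user=ccsvc src=10.20.7.33 result=success",
    "2024-03-05T10:08:01Z dvr02 auth user=admin src=10.20.7.33 result=failure",
    "2024-03-05T10:08:05Z dvr02 auth user=admin src=10.20.7.33 result=failure",
    "2024-03-05T10:08:09Z dvr02 auth user=admin src=10.20.7.33 result=failure",
    "2024-03-05T10:08:20Z dvr02 auth user=ccsvc src=10.20.7.33 result=success",
    "2024-03-05T11:30:00Z dvr01 auth user=ccsvc src=10.10.1.5 result=success",
]

INTEGRATION_ACCOUNTS = {"ccsvc"}
COMMAND_CENTRE_HOSTS = {"10.10.1.5"}

_LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<dvr>\S+)\s+auth\s+(?P<kv>.+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = _LINE_RE.match(line.strip())
    if m is None:
        return None
    fields = dict(pair.split("=", 1) for pair in m.group("kv").split())
    ts = datetime.fromisoformat(m.group("ts").replace("Z", "+00:00"))
    return {"ts": ts, "dvr": m.group("dvr"), **fields}


def find_credential_misuse(lines, integration_accounts, command_centre_hosts,
                           max_failures=3, window=timedelta(minutes=5)):
    """Return one alert dict per matched indicator.

    Rule 1: the integration account logs in from a host that is not a Command
            Centre server, i.e. the harvested credential is used elsewhere.
    Rule 2: a successful login to a DVR preceded by max_failures or more failed
            logins from the same source within `window`.
    """
    alerts = []
    failures = defaultdict(list)  # (dvr, src) -> timestamps of failed logins
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["dvr"], ev["src"])
        if ev["result"] != "success":
            failures[key].append(ev["ts"])
            continue
        base = {"ts": ev["ts"].isoformat(), "dvr": ev["dvr"],
                "user": ev["user"], "src": ev["src"]}
        if ev["user"] in integration_accounts and ev["src"] not in command_centre_hosts:
            alerts.append({"rule": "integration-account-from-unexpected-host", **base})
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= max_failures:
            alerts.append({"rule": "success-after-failure-burst", **base})
        failures[key].clear()  # a success ends the current failure run
    return alerts


def run_sample():
    """Run both rules over the constructed log."""
    return find_credential_misuse(SAMPLE_LOG, INTEGRATION_ACCOUNTS, COMMAND_CENTRE_HOSTS)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Rule 1 is the one that matters most for this CVE: the integration account should only ever authenticate from the Command Centre server, so any other source means the stored credential has left Command Centre. Keep the allow-list of Command Centre hosts current when servers are added or moved, or the rule will fire on legitimate traffic.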