CVE-2024-41724
📋 TL;DR
This vulnerability allows attackers to spoof the SALTO server in Gallagher Command Centre systems due to improper certificate validation. Attackers could intercept or manipulate communications between the Command Centre and SALTO access control systems. All organizations using Gallagher Command Centre versions prior to 9.20.1043 with SALTO integration are affected.
💻 Affected Systems
- Gallagher Command Centre
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of access control system allowing unauthorized physical access, credential theft, or disabling of security systems.
Likely Case
Man-in-the-middle attacks intercepting or modifying access control communications, potentially granting unauthorized access to secured areas.
If Mitigated
Limited impact with proper network segmentation and monitoring, though certificate validation failures could still cause service disruptions.
🎯 Exploit Status
Exploitation requires network access to the communication path between Command Centre and the SALTO server and the ability to present a spoofed server certificate. No public exploits are known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.20.1043 or later
Vendor Advisory: https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-41724
Restart Required: No
Instructions:
1. Download Gallagher Command Centre version 9.20.1043 or later from the Gallagher portal.
2. Run the installer on the Command Centre server.
3. Verify SALTO integration functionality post-upgrade.
🔧 Temporary Workarounds
Network Segmentation
Isolate Command Centre and SALTO server communications to trusted network segments only
Certificate Pinning
Manually configure certificate validation for the SALTO server if supported
🧯 If You Can't Patch
- Implement strict network segmentation between Command Centre and SALTO systems
- Monitor for unusual certificate validation failures or unexpected SALTO server connections
🔍 How to Verify
Check if Vulnerable:
Check the Command Centre version in the administration console. If the version is below 9.20.1043 and SALTO integration is enabled, the system is vulnerable.
Check Version:
Check Gallagher Command Centre administration console → System Information → Version
Verify Fix Applied:
Verify that the Command Centre version is 9.20.1043 or higher and test SALTO integration functionality.
📡 Detection & Monitoring
Log Indicators:
- Certificate validation failures in Command Centre logs
- Unexpected SALTO server connection attempts
- SSL/TLS handshake errors with SALTO endpoints
Network Indicators:
- Unusual traffic patterns between Command Centre and non-standard SALTO servers
- SSL/TLS certificate mismatches in network traffic
SIEM Query:
source="gallagher_command_centre" AND (event_type="certificate_error" OR event_type="ssl_handshake_failure")
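As an added example that is not part of this advisory, the log and network indicators above expressed as a small detection pass over constructed sample lines. The key=value log format, the salto_connect event type and the peer allowlist are assumptions for illustration, not Gallagher's real log schema; the certificate_error and ssl_handshake_failure event names are the ones used in the SIEM query above.

```python
import re
from collections import Counter

# Constructed sample log lines in a hypothetical key=value format (not Gallagher's real format).
SAMPLE_LOGS = """\
2024-09-01T10:00:01Z source=gallagher_command_centre event_type=salto_connect peer=salto01.corp.example port=8443 result=ok
2024-09-01T10:00:05Z source=gallagher_command_centre event_type=certificate_error peer=salto01.corp.example port=8443 detail="subject mismatch"
2024-09-01T10:00:06Z source=gallagher_command_centre event_type=ssl_handshake_failure peer=salto01.corp.example port=8443 detail="handshake aborted"
2024-09-01T10:00:07Z source=gallagher_command_centre event_type=salto_connect peer=10.9.9.9 port=8443 result=ok
2024-09-01T10:00:08Z source=gallagher_command_centre event_type=certificate_error peer=salto01.corp.example port=8443 detail="unknown CA"
2024-09-01T10:00:09Z source=gallagher_command_centre event_type=certificate_error peer=salto01.corp.example port=8443 detail="unknown CA"
"""

# Assumed inventory of legitimate SALTO server endpoints for this site; maintain it from your own records.
EXPECTED_SALTO_PEERS = {"salto01.corp.example"}
# Number of certificate/TLS errors toward one peer that should raise an alert (assumed threshold).
ERROR_THRESHOLD = 3

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Split one log line into a dict; the leading token is the timestamp."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV.findall(rest)}
    fields["ts"] = ts
    return fields

def analyse(log_text, expected_peers=EXPECTED_SALTO_PEERS, threshold=ERROR_THRESHOLD):
    """Return a list of (alert_type, peer, detail) tuples for the indicators listed on this page."""
    alerts = []
    errors = Counter()
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev.get("source") != "gallagher_command_centre":
            continue
        peer, etype = ev.get("peer", "?"), ev.get("event_type")
        # Network indicator: Command Centre connected to a SALTO endpoint that is not in the inventory.
        if etype == "salto_connect" and peer not in expected_peers:
            alerts.append(("unexpected_salto_peer", peer, ev.get("ts")))
        # Log indicator: repeated certificate validation failures / TLS handshake errors toward one peer.
        if etype in ("certificate_error", "ssl_handshake_failure"):
            errors[peer] += 1
            if errors[peer] == threshold:
                alerts.append(("repeated_tls_errors", peer, f"{threshold} errors, last: {ev.get('detail')}"))
    return alerts

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOGS):
        print(alert)
```

A burst of certificate errors toward the expected SALTO host is exactly what a spoofed server presenting an untrusted certificate would produce, so both alert types deserve follow-up rather than suppression.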