CVE-2020-16100 — HIGH (7.5)

Q: How severe is CVE-2020-16100?

CVE-2020-16100 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-16100?

Check the references section above for vendor advisories and patch information. Affected products include: Gallagher Command Centre.

Vulnerability Description

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gallagher	Command Centre	>= 8.00, < 8.00.1228

Related Weaknesses (CWE)

CWE-404

References

https://security.gallagher.com/Security-Advisories/CVE-2020-16100Vendor Advisory
https://security.gallagher.com/Security-Advisories/CVE-2020-16100Vendor Advisory

FAQ

What is CVE-2020-16100?

CVE-2020-16100 is a vulnerability with a CVSS score of 7.5 (HIGH). It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing ...

How severe is CVE-2020-16100?

CVE-2020-16100 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-16100?

Check the references section above for vendor advisories and patch information. Affected products include: Gallagher Command Centre.