CVE-2021-23146
In short
A flaw in Gallagher Controller's verification logic allows attackers to bypass PIV (Personal Identity Verification) security checks. This means unauthorized users could gain access to systems that should require proper identification.
Technical detail
An incomplete comparison vulnerability in the PIV verification mechanism fails to validate all required factors, allowing attackers to circumvent authentication controls. The vulnerability affects multiple versions of Gallagher Command Centre and requires access to the Controller; successful exploitation results in authentication bypass.
Summary generated and translated by AI from the official description.
An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
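The affected-version list above can be turned into an inventory check. The following is an added example, not code from Gallagher or from this page; the host names and the sample inventory are constructed, and it assumes versions are reported as major.minor.build, the form the advisory itself uses.

```python
import re

# Fixed builds per release branch, copied from the description above.
FIXED_BUILD = {
    (8, 40): 1888,  # MR3
    (8, 30): 1359,  # MR3
    (8, 20): 1259,  # MR5
    (8, 10): 1284,  # MR7
}
LAST_UNFIXED_BRANCH = (8, 0)  # "version 8.00 and prior versions"
_VERSION = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")

def triage(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable'.

    'not-listed' means the advisory does not name that branch. A listed
    branch with no build number is treated as affected (conservative).
    """
    m = _VERSION.match(version or "")
    if not m:
        return "unparseable"
    branch = (int(m.group(1)), int(m.group(2)))
    build = int(m.group(3)) if m.group(3) else None
    if branch <= LAST_UNFIXED_BRANCH:
        return "affected"
    if branch not in FIXED_BUILD:
        return "not-listed"
    if build is None or build < FIXED_BUILD[branch]:
        return "affected"
    return "fixed"

def sweep(inventory):
    """Triage every host; rows needing attention sort first."""
    order = {"affected": 0, "unparseable": 1, "not-listed": 2, "fixed": 3}
    rows = [(host, ver, triage(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "cc-site-a": "8.40.1888",
    "cc-site-b": "8.30.1120 (MR1)",
    "cc-site-c": "7.90.996",
    "cc-site-d": "8.50.1000",
    "cc-site-e": "8.20",
    "cc-lab": "unknown",
}

if __name__ == "__main__":
    for host, ver, status in sweep(SAMPLE):
        print(f"{host:10} {ver:18} {status}")
```

A 'not-listed' or 'unparseable' result is not a clean bill of health; confirm those hosts against the vendor advisory.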
Affected products
Gallagher · Command Center