CVE-2020-16100

CVSS 7.5 HIGHEPSS 1.0%CWE-404

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.5EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

15 sep 2020Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket (Configuration Client) connections. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Productos afectados

Gallagher · Command Centre

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://security.gallagher.com/Security-Advisories/CVE-2020-16100