Gallagher

All CVEs

71 total · sorted by risk
  • CVE-2025-35981 · Med · Oct 23, 2025
    risk 0.36 · cvss 5.5 · epss 0.00

    Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server:…

  • CVE-2025-46406 · Med · Jul 10, 2025
    risk 0.36 · cvss 5.6 · epss 0.00

    A Privilege Context Switching Error (CWE-270) in the Command Centre Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the Division boundary. This issue affects Command Centre Server: 9.30 prior to…

  • CVE-2023-46686 · Med · Dec 18, 2023
    risk 0.36 · cvss 5.5 · epss 0.01

    A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. This issue affects: Gallagher Diagnostics Service prior to v1.3.0…

  • CVE-2020-7215 · Med · Jan 20, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any…

  • CVE-2019-19801 · Med · Jan 17, 2020
    risk 0.36 · cvss 5.5 · epss 0.00

    In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command…

  • CVE-2023-23570 · Med · Dec 18, 2023
    risk 0.35 · cvss 5.4 · epss 0.01

    Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. This issue affects: Gallagher Command Centre 8.90 prior to vEL8.90.1620 (MR2), all versions of 8.80 and prior.

  • CVE-2021-23197 · Med · Nov 18, 2021
    risk 0.34 · cvss 5.2 · epss 0.00

    Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;

  • CVE-2024-41146 · Med · Dec 12, 2024
    risk 0.30 · cvss 4.6 · epss 0.00

    Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device…

  • CVE-2024-39808 · Med · Sep 11, 2024
    risk 0.30 · cvss 4.6 · epss 0.00

    Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. This issue affects: Controller 6000 and…

  • CVE-2024-23485 · Med · Jul 11, 2024
    risk 0.30 · cvss 4.6 · epss 0.00

    Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation (CWE-1304) in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue…

  • CVE-2025-44003 · Med · Jul 10, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled. This issue affects T-Series Readers: 9.20 prior…

  • CVE-2023-23584 · Med · Dec 18, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    An observable response discrepancy in the Gallagher Command Centre REST API allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior…

  • CVE-2023-23576 · Med · Dec 18, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in the access decision. This issue affects: Gallagher Command Centre: 8.90 prior…

  • CVE-2023-23568 · Med · Jul 25, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to …

  • CVE-2020-16099 · Med · Sep 15, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possible to create Guard Tour events that when accessed via things like reporting cause clients to temporarily hang or disconnect.

  • CVE-2024-23194 · Low · Jul 11, 2024
    risk 0.21 · cvss 3.3 · epss 0.00

    Improper Output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 (MR1).

  • CVE-2023-22439 · Low · Dec 18, 2023
    risk 0.20 · cvss 3.1 · epss 0.01

    Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic web interface. This issue affects: Gallagher Controller 6000 and 7000 8.90…

  • CVE-2025-64734 · Low · Nov 18, 2025
    risk 0.16 · cvss 2.4 · epss 0.00

    Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service attack against that specific reader, preventing cardholders from badging for entry. This issue affects Command…

  • CVE-2023-41967 · Low · Dec 18, 2023
    risk 0.16 · cvss 2.4 · epss 0.00

    Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web…

  • CVE-2026-20801 · Mar 3, 2026
    risk 0.00 · cvss · epss 0.00

    Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher…

  • CVE-2026-20757 · Mar 3, 2026
    risk 0.00 · cvss · epss 0.00

    Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976(MR1), 9.30 prior to vEL9.30.3382…

Page 2 of 2