CVE-2020-16097
Last modified
CVE-2020-16097 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers.. EPSS estimates a 0.31% chance of exploitation in the next 30 days.
Description
On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gallagher | Command Centre | >= 7.90, < 7.90.1038 |
| Gallagher | Command Centre | >= 8.00, < 8.00.1228 |
| Gallagher | Command Centre | >= 8.10, < 8.10.1211 |
| Gallagher | Command Centre | >= 8.20, < 8.20.1093 |
| Gallagher | Command Centre | 7.90.1038 |
| Gallagher | Command Centre | 8.00.1228 |
| Gallagher | Command Centre | 8.10.1211 |
| Gallagher | Command Centre | 8.20.1093 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-16097?
How severe is CVE-2020-16097?
How do I fix CVE-2020-16097?
Are you affected by CVE-2020-16097?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST