Gallagher Command Centre Server Cleartext Storage of Sensitive Information Vulnerability

Vulnerability

A vulnerability allowing cleartext storage of sensitive information has been identified in Gallagher Command Centre Server versions 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), and all versions of 8.90 and prior. This vulnerability exists within the Gallagher Morpho integration and could enable an authenticated user with access to the Command Centre Server to export a specific signing key while it is in use. This key could then be used to deploy a compromised or counterfeit device at that site.

Impact

Exploitation of this vulnerability could lead to the unauthorized deployment of compromised or counterfeit devices on sites using the affected Gallagher Command Centre Server versions.

Remediation

Users are advised to follow all applicable guidance in the Command Centre hardening guide. Additionally, ensure that sites are not using the Gallagher Morpho integration, as only sites using that integration are affected by this vulnerability.
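
To triage a server inventory against the version ranges and the Morpho condition stated above, the following added example (not Gallagher's code and not part of the original advisory) classifies each server. The version-string format is assumed from the advisory's "vEL9.20.2819" style, and the site names and inventory are constructed.

```python
import re

# Fixed builds per release branch, as listed in the advisory.
FIXED_BUILD = {(9, 20): 2819, (9, 10): 3672, (9, 0): 3831}
# "All versions of 8.90 and prior" are affected regardless of build.
LAST_UNFIXED_BRANCH = (8, 90)

# Assumed format, modelled on the advisory's "vEL9.20.2819" strings.
_VERSION = re.compile(r"^v?(?:EL)?(\d+)\.(\d+)\.(\d+)$", re.IGNORECASE)


def assess(version, morpho_in_use=True):
    """Classify one Command Centre Server against the advisory."""
    match = _VERSION.match(version.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, build = (int(part) for part in match.groups())
    branch = (major, minor)
    if not morpho_in_use:
        return "integration-not-used"  # advisory: only Morpho sites are affected
    if branch <= LAST_UNFIXED_BRANCH:
        return "affected"
    fixed = FIXED_BUILD.get(branch)
    if fixed is None:
        return "not-listed"  # branch not named in the advisory
    return "affected" if build < fixed else "fixed"


def affected_sites(inventory):
    """Return names of sites whose server is classified as affected."""
    return [site for site, version, morpho in inventory
            if assess(version, morpho) == "affected"]


# Constructed inventory: (site name, server version, Morpho integration in use)
SAMPLE_INVENTORY = [
    ("site-a", "vEL9.20.2818", True),
    ("site-b", "vEL9.20.2819", True),
    ("site-c", "vEL9.00.3100", False),
    ("site-d", "vEL8.90.1500", True),
    ("site-e", "vEL9.10.3672", True),
]

if __name__ == "__main__":
    for site, version, morpho in SAMPLE_INVENTORY:
        print(site, version, assess(version, morpho))
```

A "not-listed" result means the branch is not named in the advisory text, so the script makes no claim about it either way.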

Added: Oct 23, 2025, 4:19 AM
Updated: Oct 23, 2025, 4:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 2.5
exploitability: 3.0
remediation: 8.3
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.