Refine your search

1 vulnerability found for NxWitness VMS and Hanwha VMS Integrations by Gallagher

CVE-2026-20801 (GCVE-0-2026-20801)
Vulnerability from cvelistv5
Published
2026-03-03 02:41
Modified
2026-03-03 16:30
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Summary
Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.
References
Impacted products
Vendor Product Version
Gallagher NxWitness VMS and Hanwha VMS Integrations Version: 0   < 9.10.017
Version: 0   < 9.10.025
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20801",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-03T16:27:35.448713Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-03T16:30:31.016Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "NxWitness VMS and Hanwha VMS Integrations",
          "vendor": "Gallagher",
          "versions": [
            {
              "lessThan": "9.10.017",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.10.025",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCleartext Transmission of Sensitive Information (CWE-319) in\u003c/span\u003e\u003cstrong\u003e\u0026nbsp;\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ea component used in the Gallagher \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHanwha VMS and Gallagher NxWitness VMS integrations\u003c/span\u003e\u003cb\u003e\u0026nbsp;\u003c/b\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eallows unprivileged users with local network access to view live video streams. \u003c/span\u003e\n\n \n\n\u003cp\u003eThis issue affects a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ell versions of \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.\u003c/span\u003e\u003cbr\u003e\n\n\u003c/p\u003e"
            }
          ],
          "value": "Cleartext Transmission of Sensitive Information (CWE-319) in\u00a0a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations\u00a0allows unprivileged users with local network access to view live video streams. \n\n \n\nThis issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-03T02:41:10.357Z",
        "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
        "shortName": "Gallagher"
      },
      "references": [
        {
          "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-20801"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
    "assignerShortName": "Gallagher",
    "cveId": "CVE-2026-20801",
    "datePublished": "2026-03-03T02:41:10.357Z",
    "dateReserved": "2026-03-01T23:45:09.734Z",
    "dateUpdated": "2026-03-03T16:30:31.016Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}