Lucene search

[email protected]CVE-2019-14718

HistoryOct 23, 2020 - 5:15 a.m.

CVE-2019-14718

2020-10-2305:15:12

CWE-276

[email protected]

web.nvd.nist.gov

verifone

mx900

pinpad

payment terminals

os 30251000

insecure permissions

command injection

privilege escalation

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.

Affected configurations

NVD

Node

verifonemx900_firmwareMatch30251000

AND

verifonemx900Match-

CPENameOperatorVersion
verifone:mx900_firmwareverifone mx900 firmwareeq30251000

CPE	Name	Operator	Version
verifone:mx900_firmware	verifone mx900 firmware	eq	30251000

References

www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-22/

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2019-14718

cvelist1 prion1 ptsecurity1 nvd1