Lucene search

[email protected]CVE-2019-14719

HistoryOct 23, 2020 - 5:15 a.m.

CVE-2019-14719

2020-10-2305:15:13

CWE-77

[email protected]

web.nvd.nist.gov

verifone

pinpad

payment terminals

os 30251000

arbitrary command injections

file manager

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.

Affected configurations

NVD

Node

verifonemx900_firmwareMatch30251000

AND

verifonemx900Match-

CPENameOperatorVersion
verifone:mx900_firmwareverifone mx900 firmwareeq30251000

CPE	Name	Operator	Version
verifone:mx900_firmware	verifone mx900 firmware	eq	30251000

References

www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-23/

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2019-14719

ptsecurity1 nvd1 prion1 cvelist1