Positive TechnologiesPT-2020-24PT-2020-24: Integrity and origin control bypass (S1G file generation)
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
12.6%
PT-2020-24: Integrity and origin control bypass (S1G file generation)
Verifone
VerixV
Severity level
Severity level: High
Impact: Integrity and origin control bypass (S1G file generation)
Access Vector: Local
CVSS v3.1:
Base Score: 8.2
Vector: (AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)
CVE-2019-14712
Advisory status
01.10.2019 - Vendor gets vulnerability details
01.08.2020 - Vendor releases fixed version and details
Credits
The vulnerability was detected by Alex Stennikov, Dmitry Sklyarov, Egor Zaitsev, Positive Research Center (Positive Technologies Company)
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
12.6%