Threatscape

All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.
High (7.6) CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
PT-2020-28: Undocumented physical access to the system (SBI bootloader memory write)
Fix date: August 1, 2020
Vector: Local
Systems affected: All
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
High (7.3) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H
PT-2020-27: Undocumented physical access mode (VerixV shell.out)
Fix date: August 1, 2020
Vector: Local
Systems affected: VerixV
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
High (8.2) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
PT-2020-26: Buffer Overflow in Verix OS core (Run() system call)
Fix date: August 1, 2020
Vector: Local
Systems affected: VerixV
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
High (8.2) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
PT-2020-24: Integrity and origin control bypass (S1G file generation)
Fix date: August 1, 2020
Vector: Local
Systems affected: VerixV
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
Medium (6.3) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
PT-2020-23: Multiple arbitrary command injections (file manager, etc.)
Fix date: August 1, 2020
Vector: Local
Systems affected: MX900
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
High (8.2) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
PT-2020-22: Insecure Permissions (svc_netcontrol arbitrary command injection and privilege escalation)
Fix date: August 1, 2020
Vector: Local
Systems affected: MX900
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
High (8.2) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
PT-2020-21: Installation of unsigned packages
Fix date: August 1, 2020
Vector: Local
Systems affected: MX900
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
High (8.8) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
PT-2020-20: Race condition privilege escalation (secins application RBAC bypass)
Fix date: August 1, 2020
Vector: Local
Systems affected: MX900
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
Medium (7.6) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
PT-2020-19: Buffer overflow via SOCKET_TASK in the NTPT3 protocol
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
High (7.6) CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
PT-2020-18: Arbitrary code execution via the TRACE protocol (r/w memory)
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Medium (4.9) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
PT-2020-17: Buffer overflow via the ‘RemotePutFile’ command of the NTPT3 protocol
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Medium (4.9) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
PT-2020-16: Buffer overflow via the 0x26 command of the NTPT3 protocol
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Low (2.4) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
PT-2020-15: NTPT3 protocol - file reading restrictions bypass
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Low (3.8) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
PT-2020-14: Undeclared TRACE protocol commands
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Medium (5.1) CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
PT-2020-13: Insecure TRACE protocol
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Medium (4.9) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
PT-2020-12: Insecure NTPT3 protocol
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Medium (4.9) CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
PT-2020-11: Hardcoded FTP credentials
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Medium (5.1) CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
PT-2020-10: Hardcoded PPP credentials
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
High (7.5) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
PT-2020-09: Path Traversal vulnerability in Cisco ASA and Cisco FTD
Fix date: July 22, 2020
Vector: Remote
Systems affected: Cisco ASA
Cisco FTD
Vendor: Cisco
Notification status: February 13, 2020 - Vendor notification date
July 22, 2020 - Security advisory publication date
High (4.9) CVSS:3.1AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
PT-2020-07: Arbitrary file reading in Oracle WebLogic Server
Fix date: July 22, 2020
Vector: Remote
Systems affected: Oracle WebLogic Server
Vendor: Oracle
Notification status: April 1, 2020 - Vendor notification date
July 22, 2020 - Security advisory publication date
Severity level
Date filters
Date range
Year
Month
Starts:
Year
Month
Ends:
Year
Month
Vendor
Company name
Systems affected
Software name
Reset filter
Positive Technologies Application Inspector
Editor’s Choice