Threatscape

All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.
High (7,5) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
PT-2020-31: Denial of service in F5 Traffic Management Microkernel (TMM)
Fix date: December 17, 2020
Vector: Remote
Systems affected: Traffic Management Microkernel (TMM)
Vendor: F5 Networks
Notification status: April 30, 2020 - Vendor notification date
December 17, 2020 - Security advisory publication date
High (9,8) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
PT-2020-30: Multiple code execution in Cisco Integrated Management Controller (CIMC)
Fix date: November 18, 2020
Vector: Remote
Systems affected: Cisco Integrated Management Controller (CIMC)
Vendor: Cisco
Notification status: April 11, 2020 - Vendor notification date
November 18, 2020 - Security advisory publication date
High (9,4) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
PT-2020-29: Denial of service and potential arbitrary code execution in SonicOS
Fix date: October 12, 2020
Vector: Remote
Systems affected: SonicOS
SonicOSv
Vendor: SonicWall
Notification status: June 26, 2020 - Vendor notification date
October 12, 2020 - Security advisory publication date
High (7.6) CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
PT-2020-28: Undocumented physical access to the system (SBI bootloader memory write)
Fix date: August 1, 2020
Vector: Local
Systems affected: All
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
High (7.3) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H
PT-2020-27: Undocumented physical access mode (VerixV shell.out)
Fix date: August 1, 2020
Vector: Local
Systems affected: VerixV
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
High (8.2) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
PT-2020-26: Buffer Overflow in Verix OS core (Run() system call)
Fix date: August 1, 2020
Vector: Local
Systems affected: VerixV
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
High (8.2) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
PT-2020-24: Integrity and origin control bypass (S1G file generation)
Fix date: August 1, 2020
Vector: Local
Systems affected: VerixV
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
Medium (6.3) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
PT-2020-23: Multiple arbitrary command injections (file manager, etc.)
Fix date: August 1, 2020
Vector: Local
Systems affected: MX900
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
High (8.2) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
PT-2020-22: Insecure Permissions (svc_netcontrol arbitrary command injection and privilege escalation)
Fix date: August 1, 2020
Vector: Local
Systems affected: MX900
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
High (8.2) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
PT-2020-21: Installation of unsigned packages
Fix date: August 1, 2020
Vector: Local
Systems affected: MX900
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
High (8.8) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
PT-2020-20: Race condition privilege escalation (secins application RBAC bypass)
Fix date: August 1, 2020
Vector: Local
Systems affected: MX900
Vendor: Verifone
Notification status: October 1, 2019 - Vendor notification date
August 1, 2020 - Security advisory publication date
Medium (7.6) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
PT-2020-19: Buffer overflow via SOCKET_TASK in the NTPT3 protocol
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
High (7.6) CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
PT-2020-18: Arbitrary code execution via the TRACE protocol (r/w memory)
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Medium (4.9) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
PT-2020-17: Buffer overflow via the ‘RemotePutFile’ command of the NTPT3 protocol
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Medium (4.9) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
PT-2020-16: Buffer overflow via the 0x26 command of the NTPT3 protocol
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Low (2.4) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
PT-2020-15: NTPT3 protocol - file reading restrictions bypass
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Low (3.8) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
PT-2020-14: Undeclared TRACE protocol commands
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Medium (5.1) CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
PT-2020-13: Insecure TRACE protocol
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Medium (4.9) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
PT-2020-12: Insecure NTPT3 protocol
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Medium (4.9) CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
PT-2020-11: Hardcoded FTP credentials
Fix date: March 1, 2020
Vector: Remote
Systems affected: Tellium 2
Vendor: Ingenico
Notification status: September 1, 2018 - Vendor notification date
March 1, 2020 - Security advisory publication date
Severity level
Date filters
Date range
Year
Month
Starts:
Year
Month
Ends:
Year
Month
Vendor
Company name
Systems affected
Software name
Reset filter
Positive Technologies Application Inspector
Editor’s Choice