Threatscape

All the following vulnerabilities were discovered either by Positive Research experts or by automated security products from Positive Technologies, including MaxPatrol and PT Application Inspector.

High (6.8) CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

Fix date:	no patches available
Vector:	Local
Systems affected:	RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM)
Vendor:	Diebold-Nixdorf
Notification status:	July, 2021 - Vendor notification date

High (6.8) CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

PT-2021-01: ncryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

Fix date:	no patches available
Vector:	Local
Systems affected:	CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM)
Vendor:	Diebold-Nixdorf
Notification status:	July, 2021 - Vendor notification date

High (7,5) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

PT-2020-31: Denial of service in F5 Traffic Management Microkernel (TMM)

Fix date:	December 17, 2020
Vector:	Remote
Systems affected:	Traffic Management Microkernel (TMM)
Vendor:	F5 Networks
Notification status:	April 30, 2020 - Vendor notification date December 17, 2020 - Security advisory publication date

High (9,8) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

PT-2020-30: Multiple code execution in Cisco Integrated Management Controller (CIMC)

Fix date:	November 18, 2020
Vector:	Remote
Systems affected:	Cisco Integrated Management Controller (CIMC)
Vendor:	Cisco
Notification status:	April 11, 2020 - Vendor notification date November 18, 2020 - Security advisory publication date

High (9,4) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

PT-2020-29: Denial of service and potential arbitrary code execution in SonicOS

Fix date:	October 12, 2020
Vector:	Remote
Systems affected:	SonicOS SonicOSv
Vendor:	SonicWall
Notification status:	June 26, 2020 - Vendor notification date October 12, 2020 - Security advisory publication date

High (7.6) CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

PT-2020-28: Undocumented physical access to the system (SBI bootloader memory write)

Fix date:	August 1, 2020
Vector:	Local
Systems affected:	All
Vendor:	Verifone
Notification status:	October 1, 2019 - Vendor notification date August 1, 2020 - Security advisory publication date

High (7.3) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H

PT-2020-27: Undocumented physical access mode (VerixV shell.out)

Fix date:	August 1, 2020
Vector:	Local
Systems affected:	VerixV
Vendor:	Verifone
Notification status:	October 1, 2019 - Vendor notification date August 1, 2020 - Security advisory publication date

High (8.2) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

PT-2020-26: Buffer Overflow in Verix OS core (Run() system call)

Fix date:	August 1, 2020
Vector:	Local
Systems affected:	VerixV
Vendor:	Verifone
Notification status:	October 1, 2019 - Vendor notification date August 1, 2020 - Security advisory publication date

High (8.2) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

PT-2020-24: Integrity and origin control bypass (S1G file generation)

Fix date:	August 1, 2020
Vector:	Local
Systems affected:	VerixV
Vendor:	Verifone
Notification status:	October 1, 2019 - Vendor notification date August 1, 2020 - Security advisory publication date

Medium (6.3) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

PT-2020-23: Multiple arbitrary command injections (file manager, etc.)

Fix date:	August 1, 2020
Vector:	Local
Systems affected:	MX900
Vendor:	Verifone
Notification status:	October 1, 2019 - Vendor notification date August 1, 2020 - Security advisory publication date

High (8.2) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

PT-2020-22: Insecure Permissions (svc_netcontrol arbitrary command injection and privilege escalation)

Fix date:	August 1, 2020
Vector:	Local
Systems affected:	MX900
Vendor:	Verifone
Notification status:	October 1, 2019 - Vendor notification date August 1, 2020 - Security advisory publication date

High (8.2) CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

PT-2020-21: Installation of unsigned packages

Fix date:	August 1, 2020
Vector:	Local
Systems affected:	MX900
Vendor:	Verifone
Notification status:	October 1, 2019 - Vendor notification date August 1, 2020 - Security advisory publication date

High (8.8) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

PT-2020-20: Race condition privilege escalation (secins application RBAC bypass)

Fix date:	August 1, 2020
Vector:	Local
Systems affected:	MX900
Vendor:	Verifone
Notification status:	October 1, 2019 - Vendor notification date August 1, 2020 - Security advisory publication date

Medium (7.6) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

PT-2020-19: Buffer overflow via SOCKET_TASK in the NTPT3 protocol

Fix date:	March 1, 2020
Vector:	Remote
Systems affected:	Tellium 2
Vendor:	Ingenico
Notification status:	September 1, 2018 - Vendor notification date March 1, 2020 - Security advisory publication date

High (7.6) CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

PT-2020-18: Arbitrary code execution via the TRACE protocol (r/w memory)

Fix date:	March 1, 2020
Vector:	Remote
Systems affected:	Tellium 2
Vendor:	Ingenico
Notification status:	September 1, 2018 - Vendor notification date March 1, 2020 - Security advisory publication date

Medium (4.9) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

PT-2020-17: Buffer overflow via the ‘RemotePutFile’ command of the NTPT3 protocol

Fix date:	March 1, 2020
Vector:	Remote
Systems affected:	Tellium 2
Vendor:	Ingenico
Notification status:	September 1, 2018 - Vendor notification date March 1, 2020 - Security advisory publication date

Medium (4.9) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

PT-2020-16: Buffer overflow via the 0x26 command of the NTPT3 protocol

Fix date:	March 1, 2020
Vector:	Remote
Systems affected:	Tellium 2
Vendor:	Ingenico
Notification status:	September 1, 2018 - Vendor notification date March 1, 2020 - Security advisory publication date

Low (2.4) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

PT-2020-15: NTPT3 protocol - file reading restrictions bypass

Fix date:	March 1, 2020
Vector:	Remote
Systems affected:	Tellium 2
Vendor:	Ingenico
Notification status:	September 1, 2018 - Vendor notification date March 1, 2020 - Security advisory publication date

Low (3.8) CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

PT-2020-14: Undeclared TRACE protocol commands

Fix date:	March 1, 2020
Vector:	Remote
Systems affected:	Tellium 2
Vendor:	Ingenico
Notification status:	September 1, 2018 - Vendor notification date March 1, 2020 - Security advisory publication date

Medium (5.1) CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

PT-2020-13: Insecure TRACE protocol

Fix date:	March 1, 2020
Vector:	Remote
Systems affected:	Tellium 2
Vendor:	Ingenico
Notification status:	September 1, 2018 - Vendor notification date March 1, 2020 - Security advisory publication date

Severity level

All levels

High

Medium

Low

Date filters

Date range

Year Year

Month Month

Starts:

Year Year

Month Month

Ends:

Year Year

Month Month

Vendor

Company name Company name

Systems affected

Software name Software name

Show threats with CVE-ID

Reset filter

Editor’s Choice

June 7, 2021 Positive Research 2021
December 7, 2020 Positive Research 2020
June 17, 2020 Vulnerabilities and threats in mobile banking