PT-2020-22: Insecure Permissions (svc_netcontrol arbitrary command injection and privilege escalation) Verifone MX900 Severity level Severity level: High Impact: Insecure Permissions (svc_netcontrol arbitrary command injection and privilege escalation) Access Vector: Local CVSS v3.1 Base Score: 8.2 Vector: (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) CVE-2019-14718 Advisory status 01.10.2019 - Vendor gets vulnerability details 01.08.2020 - Vendor releases fixed version and details Credits The vulnerability was detected by Alex Stennikov, Dmitry Sklyarov, Egor Zaitsev, Positive Research Center (Positive Technologies Company)