CVE-2013-2571

Опубликовано: 28 янв. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.

Ссылки

http://www.exploit-db.com/exploits/25987
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/60359
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/84761
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/121917/Xpient-POS-Iris-3.8-Cash-Drawer-Operation-Remote-Trigger.html
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/25987
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/60359
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/84761
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/121917/Xpient-POS-Iris-3.8-Cash-Drawer-Operation-Remote-Trigger.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hcomm:xpient_iris:*:*:*:*:*:*:*:*

Версия до 3.8 (включая)

EPSS

Процентиль: 98%

0.62054

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-3gfr-cm88-25f2

github

почти 4 года назад