exploitDog

CVE-2020-28044

Опубликовано: 02 нояб. 2020

Источник: nvd

CVSS3: 6.8

CVSS2: 7.2

EPSS Низкий

Описание

An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions.

Ссылки

https://git.lsd.cat/g/pax-pwn
Third Party Advisory
https://git.lsd.cat/g/pax-pwn
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:pax:prolinos:*:*:*:*:*:*:*:*

Версия до 2.4.161.8859r (включая)

EPSS

Процентиль: 27%

0.00094

Низкий

6.8 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-276

Связанные уязвимости

GHSA-x4q6-fxmg-xgcv

github

больше 3 лет назад

An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions.

EPSS

Процентиль: 27%

0.00094

Низкий

6.8 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-276