Maksim Kozhevnikov

Name of the Vulnerable Software and Affected Versions: Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N Description: The issue concerns an insecure NTPT3 protocol in Ingenico Telium 2 POS terminals. Recommendations: For versions prior to Telium 2 SDK v9.32.03 patch N, update to Telium 2 SDK v9.32.03 patch N to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N Description: The issue concerns undeclared TRACE protocol commands in Ingenico Telium 2 POS terminals. This problem is resolved in Telium 2 SDK v9.32.03 patch N. Recommendations: For versions prior to Telium 2 SDK v9.32.03 patch N, update to Telium 2 SDK v9.32.03 patch N to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Ingenico Telium 2 POS Telium2 OS versions prior to Telium 2 SDK v9.32.03 patch N Description: The issue allows bypass of file-reading restrictions via the NTPT3 protocol. Recommendations: For versions prior to Telium 2 SDK v9.32.03 patch N, update to Telium 2 SDK v9.32.03 patch N to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N Description: The issue concerns hardcoded PPP credentials in Ingenico Telium 2 POS terminals. This allows unauthorized access. The problem is resolved in Telium 2 SDK v9.32.03 patch N. Recommendations: For versions prior to Telium 2 SDK v9.32.03 patch N, update to Telium 2 SDK v9.32.03 patch N to fix the hardcoded PPP credentials issue.

Name of the Vulnerable Software and Affected Versions: Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N Description: The issue concerns an insecure TRACE protocol in Ingenico Telium 2 POS terminals. This problem is resolved in Telium 2 SDK v9.32.03 patch N. Recommendations: For versions prior to Telium 2 SDK v9.32.03 patch N, update to Telium 2 SDK v9.32.03 patch N to resolve the issue. As a temporary workaround, consider disabling the TRACE protocol until the patch is applied.

Name of the Vulnerable Software and Affected Versions: Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N Description: The issue is a buffer overflow via the 0x26 command of the NTPT3 protocol. This protocol is used in Ingenico Telium 2 POS terminals. The buffer overflow can be exploited, but details about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited are not provided. Recommendations: For versions prior to Telium 2 SDK v9.32.03 patch N, update to Telium 2 SDK v9.32.03 patch N to resolve the issue. As a temporary workaround, consider restricting access to the 0x26 command of the NTPT3 protocol until the patch is applied.

Name of the Vulnerable Software and Affected Versions: Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N Description: The issue is a buffer overflow that occurs via the `RemotePutFile` command of the NTPT3 protocol. This buffer overflow is fixed in Telium 2 SDK v9.32.03 patch N. Recommendations: For Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N, update to Telium 2 SDK v9.32.03 patch N to resolve the issue. As a temporary workaround, consider restricting access to the `RemotePutFile` command of the NTPT3 protocol until the update is applied.

Name of the Vulnerable Software and Affected Versions: Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N Description: The issue concerns hardcoded FTP credentials in Ingenico Telium 2 POS terminals. This allows unauthorized access. The problem is fixed in Telium 2 SDK v9.32.03 patch N. Recommendations: For versions prior to Telium 2 SDK v9.32.03 patch N, update to Telium 2 SDK v9.32.03 patch N to resolve the issue. As a temporary workaround, consider restricting access to the FTP credentials until the patch is applied.

Name of the Vulnerable Software and Affected Versions: Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N Description: The issue allows for arbitrary code execution via the TRACE protocol. Recommendations: For versions prior to Telium 2 SDK v9.32.03 patch N, update to Telium 2 SDK v9.32.03 patch N to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N Description: The issue is a buffer overflow via SOCKET TASK in the NTPT3 protocol. This buffer overflow can be exploited, but details about real-world incidents or the estimated number of potentially affected devices are not provided. The buffer overflow occurs in the NTPT3 protocol, which is used by the Ingenico Telium 2 POS terminals. Recommendations: For versions prior to Telium 2 SDK v9.32.03 patch N, update to Telium 2 SDK v9.32.03 patch N to resolve the issue. As a temporary workaround, consider restricting access to the SOCKET TASK in the NTPT3 protocol until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** McAfee Application Control versions 6.x through 7.0 **Description** The issue is related to insufficient access control in McAfee Application Control, allowing local attackers to potentially escalate privileges, cause denial of service, or execute unauthorized code using an IOCTL call. **Recommendations** For versions 6.x through 7.0, update to a version that includes a fix for the privilege escalation vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.