PT-2019-11411 · Verix · Verix Multi-App Conductor

Fabius Watson

Published

2019-03-25

Updated

2019-03-28

CVE-2019-10060

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Verix Multi-app Conductor application version 2.7

Description: The issue allows attackers to execute arbitrary code via a long configuration key value, specifically through a buffer overflow. To exploit this, an attacker must have the capability to download files to the device.

Recommendations: For version 2.7, consider restricting access to configuration key values to prevent exploitation until a fix is available. As a temporary workaround, limit the ability to download files to the device to minimize the risk of exploitation.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2019-10060

Affected Products

Verix Multi-App Conductor

PT-2019-11411 · Verix · Verix Multi-App Conductor

CVE-2019-10060

Weakness Enumeration

Related Identifiers

Affected Products

References · 3