PT-2020-16907 · Pax · Prolinos+1

Published: 2020-11-01 · Updated: 2020-11-17 · CVE-2020-28044

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PAX Point Of Sale device with ProlinOS versions through 2.4.161.8859R

Description

An attacker with physical access to the device can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions.

Recommendations

For PAX Point Of Sale device with ProlinOS versions through 2.4.161.8859R, consider restricting physical access to the device to prevent exploitation, and avoid enabling the XCB service unless necessary. As a temporary workaround, consider disabling the XCB service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2020-28044

Affected Products

Pax Point Of Sale
Prolinos