PT-2020-8627 · Ingenico · Ingenico Telium 2
Aleksey Stennikov
+5
·
Published
2020-09-09
·
Updated
2022-10-07
·
CVE-2018-17773
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N
Description:
The issue is a buffer overflow via SOCKET TASK in the NTPT3 protocol. This buffer overflow can be exploited, but details about real-world incidents or the estimated number of potentially affected devices are not provided. The buffer overflow occurs in the NTPT3 protocol, which is used by the Ingenico Telium 2 POS terminals.
Recommendations:
For versions prior to Telium 2 SDK v9.32.03 patch N, update to Telium 2 SDK v9.32.03 patch N to resolve the issue. As a temporary workaround, consider restricting access to the SOCKET TASK in the NTPT3 protocol until the patch is applied.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ingenico Telium 2