CVE-2019-10060

The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
verifoneverix_multi-app_conductor
2.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/VerSprite/research/blob/master/advisories/VS-2019-002.md
https://github.com/VerSprite/research/blob/master/advisories/VS-2019-002.md