[VS-2019-002] Buffer Overflow in VMAC for Verix
CVE ID
CVE-2019-10060
CVSS Score
Pending
Vendor
Verifone, Inc.
Product
Verix Multi-app Conductor
Product Version
Ver. 2.7
Vulnerability Details
The Verix Multi-app Conductor application for Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability.
Credit
Fabius Watson of VerSprite Security (@FabiusArtrel)