PT-2020-18: Arbitrary code execution via the TRACE protocol (r/w memory)

HIGH
(7.6) CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
THREATSCAPE

Analytics articles

What are the security threats on your network?

Check your traffic-for free
Request pilot

Vulnerable software

Ingenico
Tellium 2

Severity level

Severity level: High
Impact: Arbitrary code execution via the TRACE protocol (r/w memory)
Access Vector: Remote

CVSS v3.1:
Base Score: 7.6
Vector: (AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVE-2018-17772

Advisory status

01.09.2018 - Vendor gets vulnerability details
01.03.2020 - Vendor releases fixed version and details

Credits

The vulnerability was detected by Dmitry Sklyarov, Alexey Stennikov, Vladimir Kononovich, Georgy Zaytsev, Maxim Kozhevnikov, Positive Research Center (Positive Technologies Company)

Identifier:
CVE-2018-17772
Vendor:
Ingenico
Vulnerable product:
Tellium 2

Get in touch

Fill in the form and our specialists
will contact you shortly