An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-01T17:39:38

Updated: 2024-08-04T16:33:56.910Z

Reserved: 2020-11-01T00:00:00

Link: CVE-2020-28044

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2020-11-02T21:15:31.460

Modified: 2020-11-17T17:52:55.017

Link: CVE-2020-28044

cve-icon Redhat

No data.