HomeAdvisoriesAccuPOS

AccuPOS

Incorrect Permission Assignment for Critical Resource

Previous AdvisoryNext Advisory

CVE ID

CVE-2018-15809

Vendor

AccuPOS, Inc.

Product

AccuPOS

Product Version

Version, 2017.8

Vulnerability Details

The AccuPOS Point Of Sale Application is installed with the insecure “Authenticated Users: Modify” permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files.

Learn more

Vendor Response

AccuPOS has not remediated the vulnerability.

Disclosure Timeline

02.02.2018
Disclosed to Vendor
02.03.2018
Follow up via Email
09.04.2018
No response from vendor
03.06.2018
Publicly disclosed at BSides ATL

Previous AdvisoryNext Advisory

A Look at RACI Models within Application Threat Modeling

Offensive Security

DevSecOps

GRC Services

Threat Intelligence

VS-Labs Security Research

Envisions Geopolitical Threat Report:

By Industry

Chrome Exploitation: How to easily launch a Chrome RCE+SBX exploit chain with one command

Security Resources

5 Steps to Implement an Application Threat Modeling Program

Who We Are

AccuPOS

CVE ID

Vendor

Product

Product Version

Vulnerability Details

Vendor Response

Disclosure Timeline