AccuPOS | VerSprite AccuPOS | VerSprite

Home  |  Research  |  Resources  |  Advisories  |  AccuPOS

AccuPOS

Incorrect Permission Assignment for Critical Resource

CVE ID

CVE-2018-15809

VENDOR

AccuPOS, Inc.

PRODUCT

AccuPOS

Product version

Vulnerability Details

The AccuPOS Point Of Sale Application is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files.

Vendor response

AccuPOS has not remediated the vulnerability.

Disclosure timeline

02-27-2018 - Disclosed to Vendor
03-27-2018 - Follow up via Email
04-09-2018 - No response from vendor
06-03-2018 - Publicly disclosed at BSides ATL

Offensive Minded Security Exploit Development

We are an international squad of professionals working as one.

logos