Skip to main content
CVE-2021-3122 CRITICAL POC THREAT Emergency

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Command Center Agent
NVD GitHub
CVSS 3.1
9.8
EPSS
87.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy