CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.
Analysis
CVE-2023-47031 is a critical privilege escalation vulnerability in NCR Terminal Handler v1.5.1. It allows unauthenticated remote attackers to gain administrative privileges by sending crafted POST requests to the SOAP API endpoints grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization. With a CVSS score of 9.8 and an attack vector that requires no authentication or user interaction, this vulnerability poses an immediate threat to exposed NCR Terminal Handler installations. The vulnerability has been confirmed with public disclosure and is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.
Technical Context
The vulnerability exists in the SOAP API component of NCR Terminal Handler, specifically in the role-granting functionality. The root cause is classified as CWE-284 (Improper Access Control), indicating that the SOAP endpoints fail to properly validate user privileges before processing role assignment requests. SOAP (Simple Object Access Protocol) services, traditionally reliant on XML parsing and WS-Security mechanisms, require robust authorization checks on each operation. In this case, the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization endpoints lack sufficient access controls, allowing unauthenticated or low-privileged users to invoke administrative functions. The affected product is NCR Terminal Handler v1.5.1 (CPE likely: cpe:2.3:a:ncr:terminal_handler:1.5.1:*:*:*:*:*:*:*), a critical component in NCR's point-of-sale and transaction processing infrastructure. The SOAP API exposure suggests these endpoints are accessible over HTTP/HTTPS without adequate WS-Security policies or role-based access control validation.
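One way to express the per-operation authorization check that this section describes as missing, written as an added example (it is not NCR's code and does not come from the advisory). Only the three operation names are taken from the page; the server-side `session` object, the `admin` role name and the `urn:example` namespace in the sample request are assumptions.

```python
import xml.etree.ElementTree as ET

SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope")    # SOAP 1.2
# Operation names are from the advisory; the role name is an assumption.
PRIVILEGED_OPS = {"grantRolesToUsers", "grantRolesToGroups",
                  "grantRolesToOrganization"}
ADMIN_ROLE = "admin"

def local_name(tag):
    """'{namespace}name' -> 'name'."""
    return tag.rpartition("}")[2]

def soap_operations(raw):
    """Local names of the elements directly inside soap:Body, or None if invalid."""
    if b"<!DOCTYPE" in raw:          # SOAP messages must not carry a DTD
        return None
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return None
    for ns in SOAP_NS:
        if root.tag == "{%s}Envelope" % ns:
            body = root.find("{%s}Body" % ns)
            if body is not None and len(body):
                return [local_name(child.tag) for child in body]
    return None

def authorize(raw, session):
    """Deny by default. `session` is the server-side identity (None if the
    caller is unauthenticated); nothing in the request body is trusted."""
    ops = soap_operations(raw)
    if not ops:
        return False, "rejected: not a well-formed SOAP request"
    if session is None:
        return False, "rejected: unauthenticated"
    for op in ops:
        if op in PRIVILEGED_OPS and ADMIN_ROLE not in session["roles"]:
            return False, "rejected: %s requires role %s" % (op, ADMIN_ROLE)
    return True, "allowed: " + ",".join(ops)

def envelope(op):
    """Constructed sample request; the 'urn:example' namespace is made up."""
    return ('<soapenv:Envelope xmlns:soapenv="%s" xmlns:ex="urn:example">'
            '<soapenv:Body><ex:%s/></soapenv:Body></soapenv:Envelope>'
            % (SOAP_NS[0], op)).encode()

if __name__ == "__main__":
    clerk = {"user": "clerk", "roles": {"operator"}}
    for op in sorted(PRIVILEGED_OPS):
        print(op, authorize(envelope(op), None), authorize(envelope(op), clerk))
```

The check inspects every element in the SOAP body rather than a URL or SOAPAction header, so a privileged operation cannot be reached by sending it alongside or in place of an unprivileged one.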
Affected Products
NCR Terminal Handler 1.5.1
EUVD-2023-51187