Severity by source
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
Description (CVE.org)
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.
Analysis (AI)
CVE-2023-47031 is a critical privilege escalation vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated remote attackers to gain administrative privileges by crafting malicious POST requests to SOAP API endpoints (grantRolesToUsers, grantRolesToGroups, grantRolesToOrganization). With a CVSS score of 9.8 and attack vector requiring no authentication or user interaction, this vulnerability poses an immediate threat to exposed NCR Terminal Handler installations. The vulnerability has been confirmed with public disclosure and is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.
Technical Context (AI)
The vulnerability exists in the SOAP API component of NCR Terminal Handler, specifically in the role-granting functionality. The root cause is classified as CWE-284 (Improper Access Control), indicating that the SOAP endpoints fail to properly validate user privileges before processing role assignment requests. SOAP (Simple Object Access Protocol) services, traditionally reliant on XML parsing and WS-Security mechanisms, require robust authorization checks on each operation. In this case, the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization endpoints lack sufficient access controls, allowing unauthenticated or low-privileged users to invoke administrative functions. The affected product is NCR Terminal Handler v1.5.1 (CPE likely: cpe:2.3:a:ncr:terminal_handler:1.5.1:*:*:*:*:*:*:*), a critical component in NCR's point-of-sale and transaction processing infrastructure. The SOAP API exposure suggests these endpoints are accessible over HTTP/HTTPS without adequate WS-Security policies or role-based access control validation.
More in Terminal Handler
CVE-2023-47029 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47030 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47032 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47295 is a critical CSV injection vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated remo
CVE-2023-47297 is a critical settings manipulation vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47294 is a session cookie validation flaw in NCR Terminal Handler v1.5.1 that permits authenticated attackers w
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoi
EUVD-2023-51187