
Terminal Handler CVE-2023-47294

EUVD: EUVD-2023-51421 | HIGH
Improper Access Control (CWE-284)
2025-06-23 cve@mitre.org
CVSS 3.1 (NVD): 8.1

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 15, 2026 - 22:10 (euvd), EUVD-2023-51421
Analysis Generated: Mar 15, 2026 - 22:10 (vuln.today)
CVE Published: Jun 23, 2025 - 16:15 (nvd), HIGH 8.1

Description (CVE.org)

An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.

Analysis (AI)

CVE-2023-47294 is a session cookie validation flaw in NCR Terminal Handler v1.5.1 that permits authenticated attackers with low privileges to craft malicious session cookies to arbitrarily deactivate, lock, and delete user accounts, resulting in high integrity and availability impact. The vulnerability has a CVSS score of 8.1 (High severity) and affects NCR's point-of-sale and terminal management infrastructure. While no public PoC or active KEV listing is confirmed from the provided data, the network-accessible nature (AV:N) and low attack complexity (AC:L) make this a material risk for organizations deploying this terminal handler in production environments.

Technical Context (AI)

The vulnerability resides in NCR Terminal Handler v1.5.1's session management mechanism, specifically in how the application validates and trusts session cookies for authorization decisions. The root cause maps to CWE-284 (Improper Access Control), indicating insufficient validation of user privileges before performing sensitive account operations. Rather than server-side session state validation or cryptographic verification of cookie integrity, the application likely accepts crafted cookies that can manipulate the authorization context. The terminal handler, commonly deployed in retail and banking point-of-sale environments, processes transactions and manages operator credentials; the cookie-based flaw allows bypassing the normal authentication checks that should gate account management operations. This is a classic insecure deserialization or cookie-tampering scenario where the application trusts client-supplied session data without proper verification (e.g., missing HMAC, no secure flag validation, or inadequate backend session store checks).

Remediation (AI)

Immediate actions:
(1) Identify all systems running NCR Terminal Handler v1.5.1 via asset inventory;
(2) Contact NCR support for patch availability and confirmed safe versions (e.g., 1.5.2 or later if available);
(3) Upon patch release, prioritize deployment in production environments, especially those handling sensitive account operations.

Interim mitigations pending patching:
(a) Restrict network access to terminal handler interfaces using firewall rules and VPNs; limit access to trusted administrative networks only;
(b) Implement session timeout policies and force re-authentication for account management operations;
(c) Enforce multi-factor authentication (MFA) for any user account capable of modifying other accounts;
(d) Monitor and alert on account deactivation/deletion events, flagging bulk operations;
(e) Disable cookie-based session persistence for sensitive operations; require server-side session token validation with HMAC or cryptographic signatures;
(f) Conduct session-handling code review focusing on cookie validation, deserialization, and privilege checks.

Vendor patches: Status unknown from provided data; verify with NCR security advisories (typically published at ncr.com/security or via vendor mailing lists). After patching, validate through regression testing on non-production systems.
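A sketch of mitigation (e), added here as an illustration and not NCR's code: the cookie carries only an HMAC-signed opaque session id, and the privilege check for account operations reads the role from server-side state. It assumes the root cause is client-trusted cookie data, as the Technical Context section suggests; the key, session ids, user names and function names are all constructed for the example.

```python
import hashlib
import hmac

# Constructed values for illustration; none come from NCR Terminal Handler.
SECRET_KEY = b"constructed-demo-key"
SESSIONS = {"s-1001": "operator7", "s-2002": "admin1"}  # server-side session store
ROLES = {"operator7": "operator", "admin1": "admin"}    # server-side role store
ACCOUNT_ACTIONS = {"deactivate", "lock", "delete"}


def _tag(session_id: str) -> str:
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def sign(session_id: str) -> str:
    """Issue a cookie value: opaque session id plus its HMAC-SHA256 tag."""
    return f"{session_id}.{_tag(session_id)}"


def verify(cookie: str):
    """Return the session id if the tag matches, else None."""
    session_id, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    # Compare as bytes in constant time; non-ASCII input cannot raise here.
    ok = hmac.compare_digest(tag.encode(), _tag(session_id).encode())
    return session_id if ok else None


def authorize(cookie: str, action: str) -> bool:
    """Allow an account operation only for a live session whose stored role is admin."""
    session_id = verify(cookie)
    user = SESSIONS.get(session_id) if session_id else None
    if user is None or action not in ACCOUNT_ACTIONS:
        return False
    # The role is looked up server-side; nothing in the cookie can raise it.
    return ROLES.get(user) == "admin"
```

A low-privileged user's correctly signed cookie still fails `authorize`, because the signature only proves the session id was issued by the server, not that the session holds any privilege.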
