Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.
AnalysisAI
CVE-2023-47294 is a session cookie validation flaw in NCR Terminal Handler v1.5.1 that permits authenticated attackers with low privileges to craft malicious session cookies to arbitrarily deactivate, lock, and delete user accounts, resulting in high integrity and availability impact. This vulnerability has a CVSS 8.1 score (High severity) and affects NCR's point-of-sale and terminal management infrastructure; while no public POC or active KEV listing is confirmed from the provided data, the network-accessible nature (AV:N) and low attack complexity (AC:L) make this a material risk for organizations deploying this terminal handler in production environments.
Technical ContextAI
The vulnerability resides in NCR Terminal Handler v1.5.1's session management mechanism, specifically in how the application validates and trusts session cookies for authorization decisions. The root cause maps to CWE-284 (Improper Access Control), indicating insufficient validation of user privileges before performing sensitive account operations. Rather than server-side session state validation or cryptographic verification of cookie integrity, the application likely accepts crafted cookies that can manipulate the authorization context. The terminal handler, commonly deployed in retail and banking point-of-sale environments, processes transactions and manages operator credentials; the cookie-based flaw allows bypassing the normal authentication checks that should gate account management operations. This is a classic insecure deserialization or cookie-tampering scenario where the application trusts client-supplied session data without proper verification (e.g., missing HMAC, no secure flag validation, or inadequate backend session store checks).
RemediationAI
Immediate actions: (1) Identify all systems running NCR Terminal Handler v1.5.1 via asset inventory; (2) Contact NCR support for patch availability and confirmed safe versions (e.g., 1.5.2 or later if available); (3) Upon patch release, prioritize deployment in production environments, especially those handling sensitive account operations. Interim mitigations pending patching: (a) Restrict network access to terminal handler interfaces using firewall rules and VPNs; limit access to trusted administrative networks only; (b) Implement session timeout policies and force re-authentication for account management operations; (c) Enforce multi-factor authentication (MFA) for any user account capable of modifying other accounts; (d) Monitor and alert on account deactivation/deletion events, flagging bulk operations; (e) Disable cookie-based session persistence for sensitive operations; require server-side session token validation with HMAC or cryptographic signatures; (f) Conduct session-handling code review focusing on cookie validation, deserialization, and privilege checks. Vendor patches: Status unknown from provided data—verify with NCR security advisories (typically published at ncr.com/security or via vendor mailing lists). After patching, validate through regression testing on non-production systems.
More in Terminal Handler
View allCVE-2023-47029 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47030 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47032 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47031 is a critical privilege escalation vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticat
CVE-2023-47295 is a critical CSV injection vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated remo
CVE-2023-47297 is a critical settings manipulation vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoi
Same weakness CWE-284 – Improper Access Control
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2023-51421