Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.
AnalysisAI
CVE-2023-47297 is a critical settings manipulation vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated remote attackers to execute arbitrary commands and modify system security auditing configurations without authentication. With a CVSS score of 9.8 and network-accessible attack vector, this vulnerability poses an immediate threat to NCR terminal deployments in retail and financial environments. The vulnerability's presence in point-of-sale systems and payment terminals makes it particularly dangerous for organizations processing financial transactions.
Technical ContextAI
NCR Terminal Handler is a critical component of NCR's point-of-sale and terminal management infrastructure used across retail and financial services. The vulnerability stems from CWE-284 (Improper Access Control), specifically a failure to properly validate and authenticate settings modification requests. The affected software lacks sufficient access controls on administrative configuration endpoints, allowing attackers to manipulate security settings including system auditing configurations through network requests. The root cause appears to be insufficient input validation and missing authentication checks on settings manipulation APIs or configuration interfaces, enabling attackers to bypass intended security boundaries and achieve command execution through configuration injection or direct code execution pathways.
RemediationAI
Immediate actions: (1) Update NCR Terminal Handler to version 1.5.2 or later if available; contact NCR directly for patch availability and timelines. (2) Implement network segmentation isolating terminal handlers from untrusted networks; restrict access to terminal management interfaces to authorized administrative networks only. (3) Deploy network-based access controls (WAF, IP whitelisting) on exposed terminal handler interfaces. (4) Enable all available security logging and auditing features at the application and OS level, with centralized log collection to detect modification attempts. (5) Implement integrity checking on system security configurations to alert on unauthorized changes. (6) Monitor for suspicious configuration modification requests and arbitrary command execution attempts. (7) Review NCR security advisories at ncr.com/security for official patch releases and comprehensive remediation guidance.
More in Terminal Handler
View allCVE-2023-47029 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47030 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47032 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47031 is a critical privilege escalation vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticat
CVE-2023-47295 is a critical CSV injection vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated remo
CVE-2023-47294 is a session cookie validation flaw in NCR Terminal Handler v1.5.1 that permits authenticated attackers w
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoi
Same weakness CWE-284 – Improper Access Control
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2023-51424