Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component.
Analysis (AI)
CVE-2023-47029 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated attackers to execute arbitrary code and exfiltrate sensitive information through a crafted POST request to the UserService component. With a CVSS score of 9.8 and network-based attack vector requiring no privileges or user interaction, this vulnerability poses an immediate threat to NCR point-of-sale and payment terminal environments. The vulnerability's status as actively exploited (KEV designation) and the existence of public proof-of-concept code indicate high real-world exploitation risk.
Technical Context (AI)
The vulnerability resides in the UserService component of NCR Terminal Handler, a critical middleware application responsible for managing user authentication, authorization, and service requests in NCR's payment terminal infrastructure (affected CPE: cpe:2.3:a:ncr:terminal_handler:1.5.1:*:*:*:*:*:*:*). The underlying root cause is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), indicating improper input validation and/or insecure deserialization in the POST request handler. The UserService component likely fails to properly validate, sanitize, or authenticate incoming serialized objects or command parameters, allowing attackers to inject malicious payloads that are executed with the application's privileges. This is typical of Java-based services using unsafe deserialization mechanisms or insecure RPC/SOAP implementations without proper object type whitelisting.
Remediation (AI)
Immediate actions required:
(1) Identify all NCR Terminal Handler v1.5.1 installations in your environment using network asset scanning and vendor telemetry;
(2) Apply the latest security patch from NCR immediately - contact NCR support or check the NCR Security Advisory portal for v1.5.2 or later patches;
(3) If patching is delayed, implement network-level mitigations: restrict direct network access to Terminal Handler UserService endpoints, require VPN/firewall rules limiting POST requests to the UserService component to authorized internal networks only, and disable the UserService if not actively in use;
(4) Enable request payload inspection/WAF rules blocking suspicious serialized objects or unexpected parameter types in POST requests to /UserService endpoints;
(5) Monitor terminal logs for suspicious POST requests to UserService and investigate any occurrences;
(6) If compromise is suspected, treat as a point-of-sale security incident with potential payment card data exposure - initiate incident response and consider PCI-DSS breach notification procedures.
Verify patch deployment with NCR Terminal Handler version checks post-update.
More in Terminal Handler
CVE-2023-47030 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47032 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47031 is a critical privilege escalation vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticat
CVE-2023-47295 is a critical CSV injection vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated remo
CVE-2023-47297 is a critical settings manipulation vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47294 is a session cookie validation flaw in NCR Terminal Handler v1.5.1 that permits authenticated attackers w
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoi
EUVD-2023-51185