CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component.
Analysis
CVE-2023-47029 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated attackers to execute arbitrary code and exfiltrate sensitive information through a crafted POST request to the UserService component. With a CVSS score of 9.8 and a network-based attack vector requiring no privileges or user interaction, this vulnerability poses an immediate threat to NCR point-of-sale and payment terminal environments. The vulnerability's status as actively exploited (KEV designation) and the existence of public proof-of-concept code indicate high real-world exploitation risk.
Technical Context
The vulnerability resides in the UserService component of NCR Terminal Handler, a critical middleware application responsible for managing user authentication, authorization, and service requests in NCR's payment terminal infrastructure (affected CPE: cpe:2.3:a:ncr:terminal_handler:1.5.1:*:*:*:*:*:*:*). The underlying root cause is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), indicating improper input validation and/or insecure deserialization in the POST request handler. The UserService component likely fails to properly validate, sanitize, or authenticate incoming serialized objects or command parameters, allowing attackers to inject malicious payloads that are executed with the application's privileges. This is typical of Java-based services using unsafe deserialization mechanisms or insecure RPC/SOAP implementations without proper object type whitelisting.
Affected Products
Terminal Handler 1.5.1
Remediation
Immediate actions required:
(1) Identify all NCR Terminal Handler v1.5.1 installations in your environment using network asset scanning and vendor telemetry.
(2) Apply the latest security patch from NCR immediately - contact NCR support or check the NCR Security Advisory portal for v1.5.2 or later patches.
(3) If patching is delayed, implement network-level mitigations: restrict direct network access to Terminal Handler UserService endpoints, require VPN/firewall rules limiting POST requests to the UserService component to authorized internal networks only, and disable the UserService if not actively in use.
(4) Enable request payload inspection/WAF rules blocking suspicious serialized objects or unexpected parameter types in POST requests to /UserService endpoints.
(5) Monitor terminal logs for suspicious POST requests to UserService and investigate any occurrences.
(6) If compromise is suspected, treat as a point-of-sale security incident with potential payment card data exposure - initiate incident response and consider PCI-DSS breach notification procedures.
Verify patch deployment with NCR Terminal Handler version checks post-update.
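The monitoring in step (5), combined with the network restriction in step (3), as an added example (not NCR's code and not from the original page): it scans access-log lines and flags POST requests to a UserService path that come from outside the authorized internal networks. The Common Log Format (as a reverse proxy in front of the service might write it), the CIDR ranges and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: internal networks authorized to reach UserService (placeholders).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]

# Assumption: Common Log Format written by a reverse proxy in front of the service.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def is_allowed(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: treat as unauthorized
    return any(addr in net for net in ALLOWED_NETS)

def find_suspicious(lines):
    """Flag POSTs to UserService from unauthorized sources; also report
    unparseable lines so malformed entries get reviewed, not dropped."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            findings.append({"line": n, "reason": "unparseable", "raw": line})
            continue
        # Decode percent-encoding and ignore case so path variants still match.
        path = unquote(m["path"]).lower()
        if m["method"] != "POST" or "userservice" not in path:
            continue
        if not is_allowed(m["src"]):
            findings.append({"line": n, "reason": "external-post", "src": m["src"],
                             "ts": m["ts"], "path": m["path"], "status": int(m["status"])})
    return findings

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '10.20.4.17 - - [12/Nov/2023:09:14:02 +0000] "POST /UserService HTTP/1.1" 200 512',
    '203.0.113.45 - - [12/Nov/2023:09:15:40 +0000] "POST /UserService HTTP/1.1" 500 0',
    '198.51.100.9 - - [12/Nov/2023:09:16:11 +0000] "GET /UserService HTTP/1.1" 200 2048',
    '203.0.113.45 - - [12/Nov/2023:09:17:03 +0000] "POST /userservice/ HTTP/1.1" 200 1337',
    'garbage line without structure',
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE):
        print(finding)
```

Any finding with reason `external-post` means the step (3) restriction is missing or bypassed and should be investigated as described in step (6).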
EUVD-2023-51185