Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.
AnalysisAI
CVE-2023-47032 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated attackers to execute arbitrary code by sending malicious scripts to the UserService SOAP API endpoint. The vulnerability affects NCR's point-of-sale terminal handler software and carries a CVSS score of 9.8 (critical severity). There is no indication of active exploitation in the wild, but the network-accessible SOAP API, lack of authentication requirements, and high-severity CWE-94 (Improper Control of Generation of Code) suggest this poses significant risk to NCR terminal deployments.
Technical ContextAI
The vulnerability resides in the UserService SOAP API function within NCR Terminal Handler, a component responsible for managing point-of-sale terminal operations and user authentication. The root cause is CWE-94 (Improper Control of Generation of Code), indicating the application dynamically executes or interprets user-supplied input without proper validation or sanitization. The SOAP API endpoint is network-accessible (AV:N per CVSS vector), meaning the vulnerable service is exposed without requiring special network positioning. The 'crafted script' mentioned in the description suggests the attacker can inject code (likely script-based) that is subsequently executed in the context of the terminal handler process. This is consistent with unsafe deserialization, code injection, or unsafe scripting engine usage patterns common in legacy enterprise POS systems.
RemediationAI
Immediate remediation steps: (1) Patch NCR Terminal Handler to the latest available version beyond 1.5.1—consult NCR's security advisory for the specific patched version number and availability. (2) If patching cannot be immediately deployed, implement network segmentation to restrict access to the UserService SOAP API endpoint (typically port 8080 or 443 depending on configuration) to trusted administrative networks only. Use firewall rules or WAF policies to block external connections. (3) Monitor SOAP API logs for suspicious script patterns or encoding anomalies. (4) Disable the UserService SOAP API if not required for operations. (5) Apply principle of least privilege to terminal handler service accounts. Consult NCR's official security bulletin and customer advisory portal for patch download links, detailed deployment instructions, and rollback procedures. Given the critical nature, patching should be prioritized in the next maintenance window.
More in Terminal Handler
View allCVE-2023-47029 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47030 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47031 is a critical privilege escalation vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticat
CVE-2023-47295 is a critical CSV injection vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated remo
CVE-2023-47297 is a critical settings manipulation vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47294 is a session cookie validation flaw in NCR Terminal Handler v1.5.1 that permits authenticated attackers w
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoi
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2023-51188