Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.
Analysis (AI)
CVE-2023-47295 is a critical CSV injection vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticated remote attackers to execute arbitrary commands through crafted payloads injected into any text input field. Its CVSS score of 9.8 reflects network accessibility, no authentication requirement, and the potential for complete system compromise (confidentiality, integrity, and availability impact). This represents a direct remote code execution risk affecting payment terminal infrastructure.
Technical Context (AI)
The vulnerability exploits improper input validation in text field handling within NCR Terminal Handler v1.5.1. The root cause is classified under CWE-1236 (Improper Neutralization of Formula Elements in a CSV File), which occurs when user-supplied input is not properly sanitized before being processed or rendered in CSV contexts. Attackers can inject formula payloads (strings beginning with =, +, -, @, or a tab character, followed by commands) that are interpreted as executable formulas by spreadsheet applications or backend processors. NCR Terminal Handler is payment terminal management software; the vulnerability exists in any text field accepting string input, indicating a systemic input validation failure rather than a flaw isolated to a single function. The affected CPE would be NCR Terminal Handler versions prior to the patched release.
Remediation (AI)
Immediate patching is critical:
(1) Apply the NCR Terminal Handler patch/update to version 1.5.2 or later as released by NCR.
(2) If immediate patching is not possible, implement network-level mitigations: restrict access to Terminal Handler administrative interfaces to trusted IP ranges via firewall rules, and implement WAF rules to block CSV injection payloads (regex filters for =, +, -, @, and tab characters at string field boundaries).
(3) Monitor for suspicious command execution on Terminal Handler systems.
(4) Implement input validation at the application layer even after patching: sanitize all text input to remove formula injection characters.
(5) Run NCR Terminal Handler with minimal required privileges (non-root, service account with restricted permissions) to limit RCE impact.
Vendor advisory links from NCR security bulletins and CERT/CC notifications should provide specific patch download URLs and affected product matrices. Do not deploy workarounds as permanent solutions; patching is mandatory.
More in Terminal Handler
CVE-2023-47029 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47030 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47032 is a critical remote code execution vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47031 is a critical privilege escalation vulnerability in NCR Terminal Handler v1.5.1 that allows unauthenticat
CVE-2023-47297 is a critical settings manipulation vulnerability in NCR Terminal Handler v1.5.1 that allows unauthentica
CVE-2023-47294 is a session cookie validation flaw in NCR Terminal Handler v1.5.1 that permits authenticated attackers w
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoi
EUVD-2023-51422