An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component
An attacker sends a specially crafted HTTP POST request to the UserService component of the NCR Terminal Handler application. Improper processing of this request allows arbitrary code execution on the server side and disclosure of sensitive information. The attack requires no authentication or user interaction.
An attacker can remotely execute arbitrary code on the vulnerable server (RCE) and gain access to sensitive data processed by the application, which may lead to complete system compromise and information disclosure.
Apply patches available from the vendor according to the references. It is also recommended to restrict network access to the UserService component exclusively to trusted IP addresses and monitor HTTP traffic for suspicious POST requests.
NCR Terminal Handler v.1.5.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNcr Terminal Handler
APPNcr1.5.1
Related vulnerabilities
NCR Terminal Handler — manipulacja ustawieniami umożliwia wykonanie dowolnych poleceń
RCE w NCR Terminal Handler via SOAP API — nieuwierzytelniony dostęp zdalny
NCR Terminal Handler – privilege escalation przez SOAP API
RCE w NCR Terminal Handler v.1.5.1 przez SOAP API
CSV Injection w NCR Terminal Handler umożliwia wykonanie dowolnych poleceń