An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.
An attacker sends a crafted POST request to SOAP API components: grantRolesToUsers, grantRolesToGroups or grantRolesToOrganization. The application does not properly verify the caller's permissions (CWE-284 – improper access control), allowing an unauthorized person to assign roles to users, groups or organizations in the system. The attack requires no prior authentication or user interaction.
An attacker can grant themselves or any account high privileges in the system, which in practice means complete takeover of the application and potential access to sensitive data and managed terminals.
Apply patches available from the vendor according to the references. As a temporary measure, it is recommended to restrict network access to the SOAP API interface only to trusted IP addresses and monitor requests directed to the grantRolesToUsers, grantRolesToGroups and grantRolesToOrganization endpoints.
NCR Terminal Handler v.1.5.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNcr Terminal Handler
APPNcr1.5.1
Related vulnerabilities
NCR Terminal Handler — manipulacja ustawieniami umożliwia wykonanie dowolnych poleceń
RCE i wyciek danych w NCR Terminal Handler przez komponent UserService
RCE w NCR Terminal Handler via SOAP API — nieuwierzytelniony dostęp zdalny
RCE w NCR Terminal Handler v.1.5.1 przez SOAP API
CSV Injection w NCR Terminal Handler umożliwia wykonanie dowolnych poleceń