CRITICAL🇵🇱 Wersja polska

CVE-2023-47297

CVSS 9.8v3.1pub. 2025-06-23upd. 2025-06-26

A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-284 (improper access control) allows an unauthenticated attacker to remotely manipulate NCR Terminal Handler application settings. Through this flaw, it is possible to execute arbitrary system commands, including modification of the operating system security audit configuration. The lack of appropriate permission verification mechanisms means that the attack does not require any user interaction.

Impact

An attacker can execute arbitrary commands on the system, modify security audit configuration, and potentially gain full control over the confidentiality, integrity, and availability of the system.

Mitigation & patch

Apply patches available from the vendor according to the references. It is also recommended to restrict network access to the NCR Terminal Handler management interface using a firewall or network segmentation until the patch is deployed.

Who is affected

NCR Terminal Handler v1.5.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ncr Terminal Handler

    APP
    Ncr
    1.5.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-47295CRITICAL9.8PL ✓ten sam produkt

CSV Injection w NCR Terminal Handler umożliwia wykonanie dowolnych poleceń

CVE-2023-47029CRITICAL9.8PL ✓ten sam produkt

RCE i wyciek danych w NCR Terminal Handler przez komponent UserService

CVE-2023-47030CRITICAL9.8PL ✓ten sam produkt

RCE w NCR Terminal Handler via SOAP API — nieuwierzytelniony dostęp zdalny

CVE-2023-47031CRITICAL9.8PL ✓ten sam produkt

NCR Terminal Handler – privilege escalation przez SOAP API

CVE-2023-47032CRITICAL9.8PL ✓ten sam produkt

RCE w NCR Terminal Handler v.1.5.1 przez SOAP API