CVE Catalog

CVE-2023-47031

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.55%

42th percentile - higher than 42% of all known CVEs

Summary

A vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API components.

Risk Assessment

An attacker can gain unauthorized administrative privileges, leading to full system compromise and potential breach of data confidentiality and integrity.

Recommendation

Immediately update NCR Terminal Handler to the latest available version and restrict access to the SOAP API to trusted networks only.

Original NVD description (English source)

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS