CVE-2023-47020
Last modified
CVE-2023-47020 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types.. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ncratleos | Terminal Handler | 1.5.1 |
References
- https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47020Third Party Advisory
- https://youtu.be/pGB3LKdf64wExploit
- https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47020Third Party Advisory
- https://youtu.be/pGB3LKdf64wExploit
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-47020?
How severe is CVE-2023-47020?
How do I fix CVE-2023-47020?
Are you affected by CVE-2023-47020?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST