An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists.
An attacker sends a specially crafted GET request to the UserService SOAP API endpoint, which is used to verify user existence in the system. The mechanism handling this request contains a vulnerability classified as CWE-94 (Improper Control of Code Generation), meaning that data supplied by the attacker can be treated as code and executed on the server side. The exploit requires neither authentication nor user interaction.
An attacker can remotely execute arbitrary code on the server (RCE) and gain access to sensitive information processed by the system. As a result, complete takeover of the vulnerable system and data leakage are possible.
Patches available from the vendor should be applied in accordance with the references provided. Until the fix is deployed, it is recommended to restrict network access to SOAP API endpoints exclusively to trusted IP addresses and monitor traffic directed to the UserService.
NCR Terminal Handler v.1.5.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNcr Terminal Handler
APPNcr1.5.1
Related vulnerabilities
NCR Terminal Handler — manipulacja ustawieniami umożliwia wykonanie dowolnych poleceń
RCE i wyciek danych w NCR Terminal Handler przez komponent UserService
NCR Terminal Handler – privilege escalation przez SOAP API
RCE w NCR Terminal Handler v.1.5.1 przez SOAP API
CSV Injection w NCR Terminal Handler umożliwia wykonanie dowolnych poleceń