Vulnerability Details CVE-2023-47024
Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.6%
CVSS Severity
CVSS v3 Score 8.8
References
- https://docs.google.com/document/d/18EOsFghBsAme0b3Obur8Oc6h5xV9zUCNKyQLw5ERs9Q/edit?usp=sharing
- https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47024
- https://docs.google.com/document/d/18EOsFghBsAme0b3Obur8Oc6h5xV9zUCNKyQLw5ERs9Q/edit?usp=sharing
- https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47024
Products affected by CVE-2023-47024
-
cpe:2.3:a:ncratleos:terminal_handler:1.5.1