SB2018081017 - Security restrictions bypass in NCR S1 and S2
Published: August 10, 2018
Security Bulletin ID
SB2018081017
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Security restrictions bypass (CVE-ID: CVE-2017-17668)
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.The weakness exists due to insufficient protection of memory write mechanism in NCR S1 Dispenser controller. remote attacker can upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
2) Security restrictions bypass (CVE-ID: CVE-2018-5717)
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.The weakness exists due to insufficient protection of memory write mechanism in NCR S2 Dispenser controller. remote attacker can upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
Remediation
Install update from vendor's website.