Security restrictions bypass in NCR S1 - CVE-2017-17668
Published: August 10, 2018
Vulnerability identifier: #VU14312
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-17668
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: NCR Corporation
Affected software:
NCR S1
NCR S1
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists due to insufficient protection of memory write mechanism in NCR S1 Dispenser controller. remote attacker can upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
The weakness exists due to insufficient protection of memory write mechanism in NCR S1 Dispenser controller. remote attacker can upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
How to mitigate CVE-2017-17668
Update to version 0x0156.