Security restrictions bypass in NCR S2 - CVE-2018-5717
Published: August 10, 2018
Vulnerability identifier: #VU14313
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5717
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: NCR Corporation
Affected software:
NCR S2
NCR S2
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists due to insufficient protection of memory write mechanism in NCR S2 Dispenser controller. remote attacker can upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
The weakness exists due to insufficient protection of memory write mechanism in NCR S2 Dispenser controller. remote attacker can upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
How to mitigate CVE-2018-5717
Update to version 0x0108.