CVE-2017-17668

Published: Mar 20, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.

Affected (1)

Products: Ncr: S1 Dispenser Controller Firmware

Ncr

1 product

S1 Dispenser Controller Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ncr S1 Dispenser Controller Firmware	Before 0x0156

Running on/with	Platform Versions
Ncr S1 Dispenser Controller	All versions

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://www.ncr.com/sites/default/files/ncr_security_alert_-_2018-04_v3.pdf

Source: cve@mitre.org

Broken LinkVendor Advisory

https://www.ncr.com/sites/default/files/ncr_security_alert_-_2018-04_v3.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

Timeline

No history available yet.