Skip to main content

CVE-2023-47020: n/a in n/a

High
VulnerabilityCVE-2023-47020cvecve-2023-47020
Published: Thu Feb 08 2024 (02/08/2024, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types.

AI-Powered Analysis

AILast updated: 07/11/2025, 05:33:45 UTC

Technical Analysis

CVE-2023-47020 is a high-severity vulnerability affecting NCR Terminal Handler version 1.5.1. The vulnerability involves multiple chained Cross-Site Request Forgery (CSRF) attacks that allow an attacker to escalate privileges by exploiting an insecure Web Services Description Language (WSDL) endpoint. Specifically, the WSDL function lacks proper security controls and accepts custom content types, enabling an attacker to craft malicious requests that first create a user account and then add that user to an administrator group. This chaining of CSRF exploits bypasses typical protections and results in unauthorized administrative access. The vulnerability is remotely exploitable over the network without requiring prior authentication, but it does require some user interaction (UI:R). The CVSS 3.1 base score is 8.8, reflecting the critical impact on confidentiality, integrity, and availability. The CWE associated is CWE-352, which corresponds to CSRF vulnerabilities. No patches or known exploits in the wild have been reported yet. The lack of vendor or product details limits precise identification, but the vulnerability centers on NCR Terminal Handler, a component likely used in point-of-sale or terminal management systems.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those using NCR Terminal Handler in retail, banking, or hospitality sectors where terminal management is critical. Successful exploitation could lead to unauthorized administrative control over terminal systems, enabling attackers to manipulate transaction data, disrupt services, or deploy further malware. This could result in financial losses, reputational damage, and regulatory penalties under GDPR due to compromised data integrity and availability. The remote network exploitability without authentication increases the attack surface, potentially allowing attackers to target exposed endpoints from outside the corporate network. The requirement for user interaction may limit automated mass exploitation but does not eliminate risk in environments where users may be tricked into initiating the malicious requests. The absence of patches means organizations must rely on mitigations until an official fix is available.

Mitigation Recommendations

European organizations should immediately audit their use of NCR Terminal Handler and identify exposed WSDL endpoints. Network-level controls such as firewall rules should restrict access to these endpoints to trusted internal IPs only. Implementing Web Application Firewalls (WAF) with custom rules to detect and block CSRF attack patterns targeting the WSDL service is recommended. Organizations should enforce strict Content-Type validation on the server side to reject unexpected or custom content types. User education to recognize phishing or social engineering attempts that could trigger CSRF attacks is important. Additionally, enabling multi-factor authentication (MFA) for administrative actions, if supported, can reduce risk. Monitoring logs for unusual user creation or privilege escalation activities can help detect exploitation attempts. Until patches are released, consider disabling or isolating the vulnerable WSDL functions if feasible. Engage with NCR or relevant vendors for updates and apply patches promptly once available.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2023-10-30T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68487f531b0bd07c39389f0a

Added to database: 6/10/2025, 6:54:11 PM

Last enriched: 7/11/2025, 5:33:45 AM

Last updated: 8/14/2025, 12:38:11 AM

Views: 11

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats