CVE-2023-47020

{"id": "CVE-2023-47020", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-02-08T16:15:46.377", "references": [{"url": "https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47020", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://youtu.be/pGB3LKdf64w", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types."}, {"lang": "es", "value": "El encadenamiento de Multiple Cross-Site Request Forgery (CSRF) en NCR Terminal Handler v.1.5.1 permite que un atacante aumente los privilegios a trav\u00e9s de una solicitud manipulada que implica la creaci\u00f3n de una cuenta de usuario y la adici\u00f3n del usuario a un grupo de administradores. Esto es aprovechado por una funci\u00f3n no revelada en el WSDL que carece de controles de seguridad y puede aceptar tipos de contenido personalizados."}], "lastModified": "2024-02-15T03:21:44.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ncratleos:terminal_handler:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7CBF0BA-23C2-4A14-9D14-2CF59375C880"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}