CVE-2023-47020: CSRF
First published: Thu Feb 08 2024(Updated: )
Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ncratleos Terminal Handler | =1.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-47020?
CVE-2023-47020 is classified as a high severity vulnerability due to its potential for escalating privileges through CSRF chaining.
How do I fix CVE-2023-47020?
To mitigate CVE-2023-47020, ensure that proper CSRF protection mechanisms are implemented in the application.
What software versions are affected by CVE-2023-47020?
CVE-2023-47020 affects NCR Terminal Handler version 1.5.1.
What type of vulnerability is CVE-2023-47020?
CVE-2023-47020 is a Cross-Site Request Forgery (CSRF) vulnerability that can lead to unauthorized privilege escalation.
Can CVE-2023-47020 allow attackers to create new administrator accounts?
Yes, CVE-2023-47020 enables attackers to create new user accounts and potentially add them to administrator groups.
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/source
- vendor/ncratleos
- canonical/ncratleos terminal handler
- version/ncratleos terminal handler/1.5.1