| |
Vulnerability CVE-2018-5717
Published: 2018-03-20
| Description: |
Memory write mechanism in NCR S2 Dispenser controller before firmware version 0x0108 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. |
Type:
CWE-787
CVSS2 => (AV:N/AC:L/Au:N/C:N/I:C/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
7.8/10 |
6.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Complete |
None |
References: |
https://www.ncr.com/sites/default/files/ncr_security_alert_-_2018-04_v3.pdf
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
