Vulnerabilities > CVE-2017-17668 - Incorrect Authorization vulnerability in NCR S1 Dispenser Controller Firmware

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
ncr
CWE-863

Summary

Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.

Vulnerable Configurations

Part Description Count
OS
Ncr
1
Hardware
Ncr
1

Common Weakness Enumeration (CWE)