CVE Vulnerability

CVE-2018-5717

Memory write mechanism in NCR S2 Dispenser controller before firmware version 0x0108 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.

7.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.ncr.com/sites/default/files/ncr_security_alert_-_2018-04_v3.pdf Broken Link
Configurations

Configuration 1
Information

Published : 2018-03-20 02:29

Updated : 2018-04-20 02:57

NVD link : CVE-2018-5717

Mitre link : CVE-2018-5717

Products Affected
No products.
CWE
CWE-787