CVE-2023-47297
BaseFortify
Publication date: 2025-06-23
Last updated on: 2025-06-26
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ncr | terminal_handler | 1.5.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a settings manipulation flaw in NCR Terminal Handler version 1.5.1 that allows attackers to execute arbitrary commands on the affected system. This includes the ability to edit system security auditing configurations, potentially compromising system integrity and security monitoring.
How can this vulnerability impact me? :
The vulnerability can allow attackers to run arbitrary commands, which may lead to unauthorized system control, modification of security auditing settings, and potentially undetected malicious activities. This can result in system compromise, data breaches, and loss of trust in system security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
By allowing attackers to edit system security auditing configurations, this vulnerability can undermine the integrity and reliability of security logs and monitoring. This may lead to non-compliance with standards and regulations such as GDPR and HIPAA, which require proper security controls and audit trails to protect sensitive data.