CVE-2017-17668
 
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
El mecanismo de escritura en memoria de los controladores NCR S1 Dispenser, en versiones de firmware anteriores a 0x0156, permite que un usuario no autenticado actualice o degrade el firmware del dispositivo, incluyendo versiones más antiguas con vulnerabilidades conocidas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-12-13 CVE Reserved
- 2018-03-20 CVE Published
- 2024-01-28 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.ncr.com/sites/default/files/ncr_security_alert_-_2018-04_v3.pdf | 2019-10-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ncr Search vendor "Ncr" | S1 Dispenser Controller Firmware Search vendor "Ncr" for product "S1 Dispenser Controller Firmware" | < 0x0156 Search vendor "Ncr" for product "S1 Dispenser Controller Firmware" and version " < 0x0156" | - |
Affected
| in | Ncr Search vendor "Ncr" | S1 Dispenser Controller Search vendor "Ncr" for product "S1 Dispenser Controller" | - | - |
Safe
|