Login Sign Up

CVE-2023-47024

8.8 HIGH
CSRF

📋 TL;DR

This CSRF vulnerability in NCR Terminal Handler v1.5.1 allows attackers to perform one-click account takeover by exploiting weak security controls in an undisclosed WSDL function. Attackers can craft malicious requests that execute unauthorized actions when victims visit specially crafted web pages. Organizations using NCR Terminal Handler v1.5.1 are affected.

💻 Affected Systems

Products:
  • NCR Terminal Handler
Versions: v1.5.1
Operating Systems: Not specified
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability involves an undisclosed function in the WSDL with weak security controls that accepts custom content types.

📦 What is this software?

Terminal Handler by Ncratleos

View all CVEs affecting Terminal Handler →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of terminal handler accounts leading to unauthorized access to sensitive systems, potential data theft, and lateral movement within the network.

🟠

Likely Case

Unauthorized account access allowing attackers to modify configurations, access sensitive data, or disrupt terminal operations.

🟢

If Mitigated

Limited impact with proper CSRF protections, though other vulnerabilities in the WSDL function might still pose risks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (clicking a malicious link) but is straightforward once the malicious request is crafted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Monitor NCR for security updates and apply immediately when released.

🔧 Temporary Workarounds

Implement CSRF Tokens

all

Add anti-CSRF tokens to all state-changing requests in the Terminal Handler application.

Restrict WSDL Access

all

Disable or restrict access to the vulnerable WSDL function if not required for operations.

🧯 If You Can't Patch

  • Implement network segmentation to isolate Terminal Handler from untrusted networks
  • Deploy web application firewall (WAF) with CSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check if running NCR Terminal Handler v1.5.1 and review WSDL functions for weak security controls on custom content types.

Check Version:

Check application documentation or configuration files for version information

Verify Fix Applied:

Verify that CSRF tokens are implemented and WSDL functions have proper security controls when updates become available.

📡 Detection & Monitoring

Log Indicators:

  • Unusual account access patterns
  • Requests to WSDL functions with custom content types
  • Failed authentication attempts followed by successful ones

Network Indicators:

  • HTTP POST requests to Terminal Handler endpoints without CSRF tokens
  • Requests with unusual content-type headers

SIEM Query:

source="terminal_handler" AND (http_method="POST" AND NOT csrf_token=*) OR (content_type="custom/*")

📊 Metadata

CVE ID: CVE-2023-47024
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-352
Published: January 20, 2024
Last Updated: June 17, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-47024, you might also want to check these:

CVE-2025-23922 10.0

A Cross-Site Request Forgery (CSRF) vulnerability in the Harsh iSpring Embedder WordPress plugin all...

Same vulnerability type (CWE-352)
CVE-2020-23426 9.8

CVE-2020-23426 is a privilege escalation vulnerability in zzcms 201910 that allows attackers to gain...

Same vulnerability type (CWE-352)
CVE-2024-33449 9.8

This SSRF vulnerability in PDFMyURL allows attackers to make the service send requests to internal s...

Same vulnerability type (CWE-352)