CVE-2023-48978

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on NCR ITM Web terminal systems by sending crafted scripts to the IP camera URL component. It affects NCR ITM Web terminal versions 4.4.0 and 4.4.4. Organizations using these versions for retail or hospitality operations are at risk.

💻 Affected Systems

Products:
  • NCR ITM Web terminal
Versions: 4.4.0 and 4.4.4
Operating Systems: Not specified in CVE details
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with IP camera functionality enabled in the web terminal interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise, allowing an attacker to install malware, steal sensitive data, pivot to other systems, and disrupt business operations.

🟠 Likely Case

Remote code execution leading to data theft, system manipulation, or deployment of ransomware on affected terminals.

🟢 If Mitigated

Limited impact, with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication, making internet-facing systems extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, the vulnerability allows unauthenticated code execution, posing significant risk to internal networks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public proof-of-concept on GitHub demonstrates the vulnerability. Exploitation requires sending crafted requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: Not available in provided references

Restart Required: No

Instructions:

Check NCR's official security advisories for patch availability. If a patch exists, follow the vendor's installation instructions.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate NCR ITM Web terminals from the internet and restrict network access to authorized systems only.

Web Application Firewall Rules

all

Implement WAF rules to block requests containing suspicious script patterns to IP camera URLs.

🧯 If You Can't Patch

  • Disable IP camera functionality if not required for operations
  • Implement strict network access controls and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the system version via the terminal interface or configuration files. If the version is 4.4.0 or 4.4.4, the system is vulnerable.

Check Version:

Check terminal web interface or configuration files for version information

Verify Fix Applied:

Verify version has been updated to a patched release (if available) or that workarounds have been properly implemented.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to IP camera URLs
  • Script-like patterns in URL parameters
  • Unexpected process execution

Network Indicators:

  • HTTP requests with crafted scripts to /camera or similar endpoints
  • Unusual outbound connections from terminals

SIEM Query:

source="web_logs" AND (url="*camera*" AND (content="*script*" OR content="*eval*" OR content="*exec*"))
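
The log indicators and SIEM query above, worked as an offline check over web access logs (an added example, not vendor or project code): it decodes each query parameter before matching and looks for script-like constructs instead of bare substrings, so a benign value such as "executive" or a parameter named "description" is not flagged. The combined log format, the path /camera/view, the parameter names and the exact pattern list are assumptions, since the page does not give the real endpoint.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Access-log layout is an assumption (Apache/nginx combined format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3}')
# script/eval/exec come from the SIEM query above; the tag, scheme and
# handler forms are assumptions about what "script-like" looks like.
SCRIPT_RE = re.compile(
    r"<\s*script|\bjavascript:|\bon\w+\s*=|\beval\s*\(|\bexec\s*\(", re.I)

def fully_decode(value, max_rounds=3):
    """Strip repeated percent-encoding layers so nested encodings compare equal."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_camera_requests(lines, path_marker="camera"):
    """Return one record per script-like parameter on a camera-related path."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if path_marker not in parts.path.lower():
            continue
        # parse_qsl removes one encoding layer; fully_decode removes the rest.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if SCRIPT_RE.search(decoded):
                hits.append({"ip": m["ip"], "path": parts.path,
                             "param": name, "value": decoded})
    return hits

# Constructed sample lines; the path /camera/view and its parameters are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /camera/view?url=rtsp%3A%2F%2F10.0.0.5%2Fstream HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:02 +0000] "GET /camera/view?description=lobby+executive+entrance HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /camera/view?url=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /camera/view?url=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for hit in suspicious_camera_requests(SAMPLE_LOG):
        print(hit)
```

Adjust `path_marker` and `REQUEST_RE` to the terminal's actual camera path and log layout before running this against production logs.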
