CVE-2017-17668 — HIGH (7.5)

Q: How severe is CVE-2017-17668?

CVE-2017-17668 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-17668?

Check the references section above for vendor advisories and patch information. Affected products include: Ncr S1 Dispenser Controller Firmware, Ncr S1 Dispenser Controller.

Vulnerability Description

Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Ncr	S1 Dispenser Controller Firmware	< 0x0156
Ncr	S1 Dispenser Controller	-

Related Weaknesses (CWE)

CWE-863

References

https://www.ncr.com/sites/default/files/ncr_security_alert_-_2018-04_v3.pdfBroken LinkVendor Advisory
https://www.ncr.com/sites/default/files/ncr_security_alert_-_2018-04_v3.pdfBroken LinkVendor Advisory

FAQ

What is CVE-2017-17668?

CVE-2017-17668 is a vulnerability with a CVSS score of 7.5 (HIGH). Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with...

How severe is CVE-2017-17668?

CVE-2017-17668 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17668?

Check the references section above for vendor advisories and patch information. Affected products include: Ncr S1 Dispenser Controller Firmware, Ncr S1 Dispenser Controller.