CVE-2018-5717 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2018-5717?

CVE-2018-5717 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-5717?

Check the references section above for vendor advisories and patch information. Affected products include: Ncr S2 Dispenser Controller Firmware, Ncr S2 Dispenser Controller.

Vulnerability Description

Memory write mechanism in NCR S2 Dispenser controller before firmware version 0x0108 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Ncr	S2 Dispenser Controller Firmware	< 0x0108
Ncr	S2 Dispenser Controller	-

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2018-5717?

CVE-2018-5717 is a vulnerability with a CVSS score of 7.5 (HIGH). Memory write mechanism in NCR S2 Dispenser controller before firmware version 0x0108 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with...

How severe is CVE-2018-5717?

CVE-2018-5717 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-5717?

Check the references section above for vendor advisories and patch information. Affected products include: Ncr S2 Dispenser Controller Firmware, Ncr S2 Dispenser Controller.