CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the vendor's position is that exploitation occurs only on devices with a certain "misconfiguration."
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published: 2021-02-07T19:45:03
Updated: 2024-08-03T16:45:51.385Z
Reserved: 2021-01-11T00:00:00
Link: CVE-2021-3122

No data.

Status : Modified
Published: 2021-02-07T20:15:12.543
Modified: 2024-11-21T06:20:56.153
Link: CVE-2021-3122

No data.