NCR Terminal Handler Settings Manipulation Vulnerability Allowing Arbitrary Command Execution

A vulnerability in NCR Terminal Handler version 1.5.1 allows attackers to manipulate application roles and configurations, leading to the execution of arbitrary commands. This includes the ability to edit system security auditing settings. The vulnerability arises from improper handling of role management endpoints, which can be exploited to alter role statuses and descriptions, particularly those related to auditing logs. Such manipulations can disrupt application functionality by, for example, deactivating critical roles or deleting roles entirely, causing the application to malfunction.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution and manipulation of security auditing configurations, potentially allowing for malicious activities to be concealed or misrepresented.

Reproduction

The vulnerability can be reproduced by accessing the WSDL endpoint and utilizing the RoleService and EntryTypeService functionalities. After inspecting the available services, the vulnerability can be exploited by creating or updating roles with payloads that manipulate auditing log configurations. Deleting application roles through the appropriate endpoint can also be done, but this may disrupt overall application functionality.