S4E

CVE-2021-3122 Scanner - Remote Code Execution (RCE) vulnerability in NCR Command Center Agent

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 2 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

NCR Command Center Agent is used by organizations to manage and configure Aloha POS/BOH servers. The software provides centralized control for remote command execution and system diagnostics. Users of NCR Command Center Agent can streamline management operations across multiple sites. It is primarily used in retail and hospitality industries to ensure efficient point-of-sale operations. The software facilitates easy deployment of updates and configuration changes. By using NCR Command Center Agent, businesses can enhance their operational efficiency and service quality.

The vulnerability allows remote command execution in NCR Command Center Agent version 16.3 through an improperly secured function. A flaw in the processing of the 'runCommand' parameter within XML documents allows an attacker to execute arbitrary commands. The vulnerability does not require authentication, making it easily exploitable. It has been exploited in real-world attacks. The vendor has noted that exploitation is possible due to a specific misconfiguration. Mitigating such vulnerabilities is crucial to maintaining system integrity and security.

Exploitation is possible by sending crafted XML data containing the 'runCommand' parameter to port 8089. The function that processes this parameter lacks adequate checks against command injection, leading to remote code execution. Attackers can run arbitrary system-level commands, potentially compromising the entire server. The attack is carried out over the network and requires no user interaction. Exploitation could lead to total system compromise, with the attacker gaining SYSTEM-level access. Effective mitigation involves secure configurations and rigorous input validation routines.

The possible effects of exploiting this vulnerability include unauthorized control over the server running NCR Command Center Agent. Attackers can execute commands at the SYSTEM level, leading to severe data breaches and operational disruptions. A successful exploit could also lead to unauthorized data access, including sensitive business and customer information. System hijacking might result in financial loss and reputational damage for businesses relying on this software. Additionally, there is a risk of deploying malware or further exploits onto compromised systems if this vulnerability is not addressed.
