ERPScan advisory ERPSCAN-18-002
Jul 21, 2017

Oracle MICROS POS missing authorisation check

erpscan.io

EPSS: 0.638 (percentile: 97.9%)

Application: Oracle MICROS POS
Versions Affected: Oracle Hospitality Simphony 2.7-2.9
Vendor URL: Oracle
Bug: Missing Authentication for Critical Function
Reported: 21.07.2017
Vendor response: 22.07.2017
Date of Public Advisory: 17.01.2018
Reference: Oracle CPU January 2018
Author: Dmitry Chastuhin (ERPScan) aka @_chipik

VULNERABILITY INFORMATION

Class: Missing Authentication
Risk: High
Impact: Provides an attacker with the privilege to read sensitive data
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2018-2636

CVSS Information

CVSS Base Score v3: 8.1 / 10
CVSS Base Vector:

AV: Attack Vector (Related exploit range) Network (N)
AC: Attack Complexity (Required attack complexity) High (H)
PR: Privileges Required (Level of privileges needed to exploit) None (N)
UI: User Interaction (Required user participation) None (N)
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) Unchanged (U)
C: Impact to Confidentiality High (H)
I: Impact to Integrity High (H)
A: Impact to Availability High (H)

VULNERABILITY DESCRIPTION

A remote unauthenticated attacker can read any file and receive information on various services from a vulnerable MICROS workstation. The attacker can obtain DB usernames and password hashes, brute-force them, and gain full access to the DB with all business data.

VULNERABLE PACKAGES

Oracle Hospitality Simphony: 2.7
Oracle Hospitality Simphony: 2.8
Oracle Hospitality Simphony: 2.9

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, apply Oracle CPU January 2018.

TECHNICAL DESCRIPTION

Proof of Concept

If an insider has access to the vulnerable URL, he or she can retrieve numerous files from the MICROS workstation, including service logs, and read files such as SimphonyInstall.xml or Dbconfig.xml, which contain the usernames and encrypted passwords used to connect to the DB, get information about ServiceHost, etc.

You can find more information on CVE-2018-2636 in our blog, along with a script to check that your environment has no such vulnerabilities.