A vulnerability in Oracle's MICROS POS systems may affect more than 330,000 payment systems across the globe, putting files and sensitive information at risk.

Security firm ERPScan found the vulnerability, CVE-2018-2636, in Oracle's MICROS point-of-sale terminals. They are commonly used in hospitality and hotels in 180 countries.

While the vulnerability was reportedly fixed, the company is quick to stress that users must patch their systems regularly.

“The security issue enables reading files from POS systems remotely without authentication and allows accessing a configuration file that stores sensitive information including passwords.

“The attacker can snatch DB usernames and password hashes, brute them and gain full access to the DB with all business data. What counts here is that a number of MICROS POS systems are exposed to the Internet,” a statement from ERPScan says.

There are several ways to exploit the vulnerability, leading to compromise of the whole MICROS system. The vulnerability received a CVSS v3 score of 8.1, which means it is dangerous. It must be patched; otherwise an attacker can read any file without authentication from a vulnerable MICROS workstation. The vulnerability also allows attackers full access to the operating system.