CVE-2018-2636

HIGH

Oracle Hospitality Simphony <2.9 - RCE

Description

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Exploits (3)

exploitdb WORKING POC VERIFIED
by Dmitry Chastuhin · python · webapps · multiple
https://www.exploit-db.com/exploits/43960
nomisec WORKING POC 22 stars
by erpscanteam · poc
https://github.com/erpscanteam/CVE-2018-2636
nomisec WORKING POC 17 stars
by Cymmetria · poc
https://github.com/Cymmetria/micros_honeypot

Scores

CVSS v3 8.1
EPSS 0.6587
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (3)
oracle/hospitality_simphony 2.7
oracle/hospitality_simphony 2.8
oracle/hospitality_simphony 2.9
Published Jan 18, 2018
Tracked Since Feb 18, 2026