What is CVE-2021-3122?

CVE-2021-3122 is a vulnerability in N/a. Published 2021-02-07.

Is CVE-2021-3122 known to be exploited?

17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-3122

CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SY…

EPSS: 0.904 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

acquiredsecurity/CVE-2021-3122-Details
rapid7/metasploit-framework
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
NaInSec/CVE-PoC-in-GitHub
SYRTI/POC_
WhooAmii/POC_
developer3000S/PoC-in-GitHub
k0mi-tg/CVE-POC
manas3c/CVE-POC

References

rdf2.alohaenterprise.com/client/CMCInst.zip (x_refsource_MISC)
www.tetradefense.com/incident-response-services/active-exploit-a-remote-code-ex… (x_refsource_MISC)
github.com/roughb8722/CVE-2021-3122-Details/blob/main/CVE-2021-3122 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-3122?: CVE-2021-3122 is a vulnerability in N/a. Published 2021-02-07.
Is CVE-2021-3122 known to be exploited?: 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.