Oracle Micros POS Critical Flaw Affects More Than 300,000 Payment Systems

Oracle's security team recently released a security update that patches a critical, remotely exploitable vulnerability affecting MICROS Point-of-Sale (POS) retail system business solutions for the restaurant and hospitality industry.

The patch was released as part of Oracle's January 2018 update, which contains patches for a total of 238 security vulnerabilities across its various products.

According to the public disclosure by ERPScan, the security company that discovered the issue and reported it to Oracle, the MICROS EGateway Application Service, deployed by more than 300,000 retailers and businesses worldwide, is vulnerable to a directory traversal attack.

If exploited, the vulnerability (CVE-2018-2636) allows anyone with access to the vulnerable URL to steal numerous files from the MICROS workstation, including service logs, and to read files such as SimphonyInstall.xml or Dbconfix.xml, which contain usernames and encrypted passwords used to connect to the DB, information about ServiceHost, etc.

The attacker can also obtain DB usernames and password hashes, brute-force them, and gain full access to the DB with all its business data. There are several ways to exploit the flaw, leading to compromise of the whole MICROS system.
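
A defender's view of the traversal described above, as an added example that is not part of the original article or ERPScan's code: it scans web access logs for traversal sequences and for requests naming the two configuration files mentioned. The log format, request paths and IP addresses are constructed assumptions and do not reflect the real MICROS URL.

```python
import re
from urllib.parse import unquote

# File names the article says an attacker would read via the traversal.
SENSITIVE_FILES = ("simphonyinstall.xml", "dbconfix.xml")

# Request line inside a common-log-format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT) (\S+) HTTP/[\d.]+"')


def normalize(target, max_rounds=3):
    """Undo nested percent-encoding and unify path separators."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/").lower()


def classify(line):
    """Return the reasons a log line looks like a traversal read, if any."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    target = normalize(m.group(1))
    reasons = []
    if "../" in target or target.endswith("/.."):
        reasons.append("traversal-sequence")
    for name in SENSITIVE_FILES:
        if name in target:
            reasons.append("sensitive-file:" + name)
    return reasons


# Constructed sample log lines (hypothetical paths, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2018:10:00:01 +0000] "GET /hypothetical/service/status HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Feb/2018:10:00:05 +0000] "GET /hypothetical/service?file=..%5c..%5cSimphonyInstall.xml HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Feb/2018:10:00:09 +0000] "GET /hypothetical/service?file=%252e%252e%252fDbconfix.xml HTTP/1.1" 200 2048',
]


def scan(lines):
    """Return (line index, reasons) for every suspicious line."""
    return [(i, r) for i, line in enumerate(lines) if (r := classify(line))]


if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_LOG):
        print(idx, reasons)
```

A hit with a 200 status and a large response size deserves priority, since it suggests the file was actually returned rather than the request being rejected.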

ERPScan has also released a proof-of-concept Python-based exploit