How is Oracle Micros POS affected by CVE-2018-2636?



A security researcher found a security flaw dubbed CVE-2018-2636 that enables the installation of malware on Oracle Micros POS systems. Learn more about the vulnerability.

An ERPScan security researcher discovered a flaw that enables the installation of point-of-sale malware on Oracle Micros POS systems. How serious is this flaw?

As malware and botnets that attack mobile devices seem to be going out of favor with attackers, the bad guys are shifting their attention back to point-of-sale (POS) systems.

Attackers like to target POS systems, such as Oracle Micros POS, because they process payment data and are pervasively deployed. Malware targeting POS systems, including RAM scrapers, has been detected more and more over the last several years after they received increased attention in the PCI DSS specification.

Recently, ERPScan B.V. found a vulnerability in Oracle’s Micros POS that could be used to gain access to the POS system. The vulnerability, CVE-2018-2636, was initially — and innocuously — classified as a directory traversal bug.

However, the vulnerability is much more serious, as an attacker can download any file — including the main configuration file — containing username and password information. With this information, an attacker can connect to a server to gain access to data or to use credentials for lateral access to the network.

ERPScan identified 170 systems on the internet that might be vulnerable to this attack. However, an attacker with access to a wireless network or an open network port on the target’s network could also exploit the vulnerability.

Oracle released a patch for Oracle Micros POS in the January 2018 Critical Patch Update, and it should be installed to maintain the security of POS environments.
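
As an added example (not from the original article, ERPScan or Oracle), here is one way to triage web or proxy access logs for requests of the directory traversal class described above, including percent-encoded and double-encoded variants. The log format, file paths and addresses are constructed assumptions; the article does not give the request format used against Micros.

```python
import re
from urllib.parse import unquote

# Request target inside a common-log-format request field, e.g. "GET /x HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(target, max_rounds=5):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def escapes_root(target):
    """True if the request path, once decoded, climbs above the served root."""
    path = fully_decode(target.split("?", 1)[0]).replace("\\", "/")
    depth = 0
    for part in path.split("/"):
        if part == "..":
            depth -= 1
            if depth < 0:
                return True
        elif part not in ("", "."):
            depth += 1
    return False

def flag_traversal(log_lines):
    """Return the log lines whose request target escapes the served root."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and escapes_root(m.group(1)):
            hits.append(line)
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Feb/2018:10:00:01 +0000] "GET /app/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Feb/2018:10:00:02 +0000] "GET /app/../../conf/settings.xml HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/Feb/2018:10:00:03 +0000] "GET /app/%2e%2e/%2e%2e/conf/settings.xml HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/Feb/2018:10:00:04 +0000] "GET /app/%252e%252e%255c%252e%252e%255cconf HTTP/1.1" 404 0',
    '198.51.100.7 - - [10/Feb/2018:10:00:05 +0000] "GET /app/img/../css/site.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in flag_traversal(SAMPLE_LOG):
        print(hit)
```

A flagged request that was answered with status 200 deserves priority, since the file may actually have been served and any credentials in it should be treated as exposed.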
