CVE-2019-3025
published 2019-10-16CVE-2019-3025: Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult…
PriorityP271critical9CVSS 3.1
AVNACHPRNUINSCCHIHAH
EXPLOIT
EPSS
14.46%
96.2th percentile
Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Food and Beverage Applications. The supported version that is affected is 5.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality RES 3700. While the vulnerability is in Oracle Hospitality RES 3700, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality RES 3700. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | hospitality_res_3700 | — | — |
| oracle_corporation | hospitality_res_3700 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploit attempts by matching HTTP POST requests to port 50123 with the User-Agent string 'MDS POS Client' and Content-Type 'text/xml'. ↗
- →The exploit uses the SOAP/XML action 'TransferFile' within the 'MDSSYSUTILS' service — alert on XML bodies containing these strings arriving on port 50123. ↗
- →Monitor for creation of scheduled task files (.job) in C:\Windows\Tasks\ and executable drops in C:\Windows\System32\ as post-exploitation indicators. ↗
- →The vulnerability is exploitable over HTTP (unauthenticated, network-accessible) — block or restrict external access to TCP port 50123 on Oracle Hospitality RES 3700 hosts. ↗
- ·The exploit targets only version 5.7 of Oracle Hospitality RES 3700; detections should be scoped to hosts running this specific version. ↗
- ·Exploitation is rated 'Difficult' (AC:H) due to high attack complexity, meaning opportunistic mass scanning is less likely but targeted attacks remain a serious risk. ↗
- ·Successful exploitation can result in full system takeover with scope change (S:C), meaning lateral movement to adjacent systems beyond the RES 3700 host is possible. ↗
CVSS provenance
nvdv3.19.0CRITICALCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
http://packetstormsecurity.com/files/157746/Oracle-Hospitality-RES-3700-5.7-Remote-Code-Execution.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlhttp://packetstormsecurity.com/files/157746/Oracle-Hospitality-RES-3700-5.7-Remote-Code-Execution.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
2019-10-16
Published