What is CVE-2021-3122?

CVE-2021-3122 is a critical vulnerability affecting NCR Command Center Agent 16.3, allowing unauthenticated remote command execution. Organizations must address this vulnerability immediately to prevent exploitation.

What is the severity of CVE-2021-3122?

CVE-2021-3122 has a severity rating of CRITICAL with a CVSS base score of 9.8.

CVE-2021-3122 | Critical Vulnerability in NCR Command Center Agent

CVE-2021-3122 is a critical vulnerability affecting the NCR Command Center Agent version 16.3 on Aloha POS/BOH servers. This vulnerability allows the submission of a runCommand parameter within an XML document sent to port 8089, enabling the remote, unauthenticated execution of arbitrary commands as SYSTEM. It has been reported to be actively exploited in the wild in 2020 and/or 2021. The vendor indicates that exploitation typically occurs only under specific misconfigurations.

With a CVSS score of 9.8, this vulnerability is classified as critical, indicating a severe threat to affected systems. Organizations using NCR Command Center Agent must recognize the potential risks associated with this vulnerability, as it poses a significant risk of unauthorized access and control over their systems.

Given the high exploitability score and the absence of required privileges or user interaction for exploitation, organizations are urged to prioritize remediation efforts. The urgency for defenders cannot be overstated, as attackers may leverage this vulnerability to gain system-level access.

Organizations should prioritize patching immediately to mitigate the risk associated with CVE-2021-3122.

Vulnerability Details

The NCR Command Center Agent 16.3 vulnerability allows for the submission of a malicious runCommand parameter, facilitating unauthorized command execution. This is categorized under CWE-78, which involves command injection vulnerabilities. The vulnerability was publicly disclosed on February 7, 2021.

The attack vector is network-based, with a low attack complexity and no privileges or user interaction required. It can lead to high impacts on confidentiality, integrity, and availability.

Technical Analysis

The root cause of this vulnerability lies in the improper handling of the runCommand parameter within the NCR Command Center Agent. Attackers can exploit this flaw by submitting crafted XML requests to port 8089, allowing them to execute arbitrary commands on the server.

The attack complexity is classified as low, meaning that attackers do not need advanced skills to exploit this vulnerability. Moreover, no privileges are required, and user interaction is not necessary, making it particularly dangerous.

The impact on confidentiality, integrity, and availability is high, as successful exploitation can lead to complete control over the affected systems. Organizations must monitor their systems for any signs of exploitation.

Risk & Impact Analysis

The deployment of NCR Command Center Agent 16.3 presents significant real-world risks. Given its critical CVSS score, exploitation could lead to severe consequences, including unauthorized access to sensitive data and system manipulation. The blast radius potential is considerable, affecting not only the compromised systems but potentially extending to other connected systems within the network.

Organizations should address this vulnerability in their priority patch cycle, placing a strong emphasis on updating their systems to the latest secure version to mitigate this risk.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version is NCR Command Center Agent 16.3. Organizations should consider all versions prior to vendor patch as vulnerable.

Mitigation & Remediation

To mitigate the risks associated with CVE-2021-3122, organizations must apply the latest patches provided by NCR. It is crucial to ensure that all systems running the Command Center Agent are updated to the most secure version available. If a patch is unavailable, organizations should implement configuration hardening strategies to restrict access to affected components.

Detection Guidance

Organizations should monitor logs for unusual command execution patterns and any unauthorized access attempts. Behavioral anomalies in the application could signal exploitation attempts. Additionally, establishing network signatures that can alert on malicious traffic directed at port 8089 will aid in detection.

AppSecure Threat Intelligence Insight

CVE-2021-3122 highlights the critical need for organizations to actively manage and monitor their software configurations. The high CVSS score indicates a severe vulnerability that could lead to significant operational impacts. Security teams should consider this vulnerability as part of their broader threat landscape and prioritize remediation efforts accordingly.

For comprehensive security practices, organizations should refer to our resource on vulnerability management program and continuously assess their security posture to mitigate risks effectively.

Additionally, ongoing education on security awareness and threat modeling can help teams stay ahead of potential vulnerabilities like CVE-2021-3122.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-3122: Critical Vulnerability in NCR Command Center Agent