-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0165
            Security Advisory: Oracle Hospitality Applications
                               18 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Oracle Hospitality Applications
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Denial of Service               -- Existing Account      
                      Access Confidential Data        -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-3014 CVE-2018-3013 CVE-2018-3003
                      CVE-2018-3002 CVE-2018-3001 CVE-2018-3000
                      CVE-2018-2984 CVE-2018-2978 CVE-2018-2957
                      CVE-2018-2956 CVE-2018-2955 CVE-2017-5715
                      CVE-2017-0785 CVE-2016-1181 
Member content until: Friday, August 17 2018
Reference:            ASB-2018.0162
                      ASB-2018.0030
                      ASB-2017.0169
                      ASB-2018.0002.4

OVERVIEW

        Multiple vulnerabilities have been identified in 
         MICROS 700 Series Tablet, versions Prior to BIOS
          0.00.13ORC, Prior to BIOS 0.01.25ORC
         MICROS Handheld Terminal, versions  2018, Android 4.4.4
          Security Patch Bulletin prior to February 1
         MICROS Kitchen Display Controller, versions Prior to BIOS
          0.00.16ORC
         MICROS Workstation 6, versions prior to BIOS 1.3.1.0,
          prior to BIOS 1.5.2.0, prior to BIOS 2.3.1.0
         Oracle Hospitality Cruise Fleet Management System, version
          9.x
         Oracle Hospitality Cruise Shipboard Property Management
          System, version  8.x
         Oracle Hospitality Gift and Loyalty, version  9.0.0
         Oracle Hospitality OPERA 5 Property Services, version
          5.5.x
         Oracle Hospitality Reporting and Analytics, version  9.0.0
         Oracle Hospitality Simphony, versions  2.8,  2.9,  2.10
        [1]


IMPACT

        The vendor has provided the following information regarding
        the vulnerabilities:
        
        "This Critical Patch Update contains 24 new security fixes
        for Oracle Hospitality Applications.   7 of these
        vulnerabilities may be remotely exploitable without
        authentication,  i.e.,  may be exploited over a network
        without requiring user credentials." [1]
        
        
        
        "CVE-2018-2984
        
        8.1
        
        AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
        
        The supported version that is affected is 9.x. Easily
        exploitable vulnerability allows low privileged attacker
        with network access via HTTP to compromise Oracle
        Hospitality Cruise Fleet Management System.  Successful
        attacks of this vulnerability can result in  unauthorized
        creation, deletion or modification access to critical data
        or all Oracle Hospitality Cruise Fleet Management System
        accessible data as well as  unauthorized access to critical
        data or complete access to all Oracle Hospitality Cruise
        Fleet Management System accessible data.
        
        CVE-2016-1181
        
        8.1
        
        AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
        
        The supported version that is affected is 12.1.0.5.
        Difficult to exploit vulnerability allows unauthenticated
        attacker with network access via HTTP to compromise
        Enterprise Manager for Fusion Middleware.  Successful
        attacks of this vulnerability can result in takeover of
        Enterprise Manager for Fusion Middleware.
        
        CVE-2016-1181
        
        8.1
        
        AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
        
        The supported version that is affected is 12.1.0.5.
        Difficult to exploit vulnerability allows unauthenticated
        attacker with network access via HTTP to compromise
        Enterprise Manager for Fusion Middleware.  Successful
        attacks of this vulnerability can result in takeover of
        Enterprise Manager for Fusion Middleware.
        
        CVE-2018-2956
        
        8.1
        
        AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
        
        The supported version that is affected is 5.5.x. Difficult
        to exploit vulnerability allows unauthenticated attacker
        with logon to the infrastructure where Oracle Hospitality
        OPERA 5 Property Services executes to compromise Oracle
        Hospitality OPERA 5 Property Services.  While the
        vulnerability is in Oracle Hospitality OPERA 5 Property
        Services, attacks may significantly impact additional
        products.  Successful attacks of this vulnerability can
        result in takeover of Oracle Hospitality OPERA 5 Property
        Services.
        
        CVE-2016-1181
        
        8.1
        
        AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
        
        The supported version that is affected is 12.1.0.5.
        Difficult to exploit vulnerability allows unauthenticated
        attacker with network access via HTTP to compromise
        Enterprise Manager for Fusion Middleware.  Successful
        attacks of this vulnerability can result in takeover of
        Enterprise Manager for Fusion Middleware.
        
        CVE-2016-1181
        
        8.1
        
        AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
        
        The supported version that is affected is 12.1.0.5.
        Difficult to exploit vulnerability allows unauthenticated
        attacker with network access via HTTP to compromise
        Enterprise Manager for Fusion Middleware.  Successful
        attacks of this vulnerability can result in takeover of
        Enterprise Manager for Fusion Middleware.
        
        CVE-2016-1181
        
        8.1
        
        AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
        
        The supported version that is affected is 12.1.0.5.
        Difficult to exploit vulnerability allows unauthenticated
        attacker with network access via HTTP to compromise
        Enterprise Manager for Fusion Middleware.  Successful
        attacks of this vulnerability can result in takeover of
        Enterprise Manager for Fusion Middleware.
        
        CVE-2018-2957
        
        7.5
        
        AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
        
        The supported version that is affected is 5.5.x. Easily
        exploitable vulnerability allows unauthenticated attacker
        with network access via HTTP to compromise Oracle
        Hospitality OPERA 5 Property Services.  Successful attacks
        of this vulnerability can result in  unauthorized access to
        critical data or complete access to all Oracle Hospitality
        OPERA 5 Property Services accessible data.
        
        CVE-2018-3002
        
        7.1
        
        AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
        
        The supported version that is affected is 9.x. Easily
        exploitable vulnerability allows unauthenticated attacker
        with logon to the infrastructure where Oracle Hospitality
        Cruise Fleet Management System executes to compromise Oracle
        Hospitality Cruise Fleet Management System.  While the
        vulnerability is in Oracle Hospitality Cruise Fleet
        Management System, attacks may significantly impact
        additional products.  Successful attacks of this
        vulnerability can result in  unauthorized access to critical
        data or complete access to all Oracle Hospitality Cruise
        Fleet Management System accessible data.
        
        CVE-2018-3000
        
        7.1
        
        AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
        
        The supported version that is affected is 8.x. Easily
        exploitable vulnerability allows unauthenticated attacker
        with logon to the infrastructure where Oracle Hospitality
        Cruise Shipboard Property Management System executes to
        compromise Oracle Hospitality Cruise Shipboard Property
        Management System.  While the vulnerability is in Oracle
        Hospitality Cruise Shipboard Property Management System,
        attacks may significantly impact additional products.
        Successful attacks of this vulnerability can result in
        unauthorized access to critical data or complete access to
        all Oracle Hospitality Cruise Shipboard Property Management
        System accessible data.
        
        CVE-2018-2978
        
        7.1
        
        AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
        
        Supported versions that are affected are 2.8, 2.9 and  2.10.
        Difficult to exploit vulnerability allows low privileged
        attacker with network access via HTTP to compromise Oracle
        Hospitality Simphony.  Successful attacks of this
        vulnerability can result in  unauthorized creation, deletion
        or modification access to critical data or all Oracle
        Hospitality Simphony accessible data as well as
        unauthorized access to critical data or complete access to
        all Oracle Hospitality Simphony accessible data and
        unauthorized ability to cause a partial denial of service
        (partial DOS) of Oracle Hospitality Simphony.
        
        CVE-2018-3013
        
        6.5
        
        AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
        
        The supported version that is affected is 5.5.x. Easily
        exploitable vulnerability allows low privileged attacker
        with network access via HTTP to compromise Oracle
        Hospitality OPERA 5 Property Services.  Successful attacks
        of this vulnerability can result in  unauthorized access to
        critical data or complete access to all Oracle Hospitality
        OPERA 5 Property Services accessible data.
        
        CVE-2018-3014
        
        6.5
        
        AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
        
        The supported version that is affected is 5.5.x. Easily
        exploitable vulnerability allows low privileged attacker
        with network access via HTTP to compromise Oracle
        Hospitality OPERA 5 Property Services.  Successful attacks
        of this vulnerability can result in  unauthorized access to
        critical data or complete access to all Oracle Hospitality
        OPERA 5 Property Services accessible data.
        
        CVE-2017-0785
        
        6.2
        
        AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
        
        Supported versions that are affected are Android 4.4.4
        Security Patch Bulletin prior to February 1 and  2018.
        Easily exploitable vulnerability allows unauthenticated
        attacker with logon to the infrastructure where MICROS
        Handheld Terminal executes to compromise MICROS Handheld
        Terminal.  Successful attacks of this vulnerability can
        result in  unauthorized access to critical data or complete
        access to all MICROS Handheld Terminal accessible data.
        
        CVE-2018-3003
        
        6.2
        
        AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
        
        The supported version that is affected is 9.x. Easily
        exploitable vulnerability allows unauthenticated attacker
        with logon to the infrastructure where Oracle Hospitality
        Cruise Fleet Management System executes to compromise Oracle
        Hospitality Cruise Fleet Management System.  Successful
        attacks of this vulnerability can result in  unauthorized
        access to critical data or complete access to all Oracle
        Hospitality Cruise Fleet Management System accessible data.
        
        CVE-2018-3001
        
        6.2
        
        AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
        
        The supported version that is affected is 8.x. Easily
        exploitable vulnerability allows unauthenticated attacker
        with logon to the infrastructure where Oracle Hospitality
        Cruise Shipboard Property Management System executes to
        compromise Oracle Hospitality Cruise Shipboard Property
        Management System.  Successful attacks of this vulnerability
        can result in  unauthorized access to critical data or
        complete access to all Oracle Hospitality Cruise Shipboard
        Property Management System accessible data.
        
        CVE-2017-5715
        
        5.6
        
        AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
        
        The supported version that is affected is Prior to BIOS
        0.00.13ORC. Difficult to exploit vulnerability allows low
        privileged attacker with logon to the infrastructure where
        MICROS 700 Series Tablet executes to compromise MICROS 700
        Series Tablet.  While the vulnerability is in MICROS 700
        Series Tablet, attacks may significantly impact additional
        products.  Successful attacks of this vulnerability can
        result in  unauthorized access to critical data or complete
        access to all MICROS 700 Series Tablet accessible data.
        
        CVE-2017-5715
        
        5.6
        
        AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
        
        The supported version that is affected is Prior to BIOS
        0.00.13ORC. Difficult to exploit vulnerability allows low
        privileged attacker with logon to the infrastructure where
        MICROS 700 Series Tablet executes to compromise MICROS 700
        Series Tablet.  While the vulnerability is in MICROS 700
        Series Tablet, attacks may significantly impact additional
        products.  Successful attacks of this vulnerability can
        result in  unauthorized access to critical data or complete
        access to all MICROS 700 Series Tablet accessible data.
        
        CVE-2017-5715
        
        5.6
        
        AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
        
        The supported version that is affected is Prior to BIOS
        0.00.13ORC. Difficult to exploit vulnerability allows low
        privileged attacker with logon to the infrastructure where
        MICROS 700 Series Tablet executes to compromise MICROS 700
        Series Tablet.  While the vulnerability is in MICROS 700
        Series Tablet, attacks may significantly impact additional
        products.  Successful attacks of this vulnerability can
        result in  unauthorized access to critical data or complete
        access to all MICROS 700 Series Tablet accessible data.
        
        CVE-2017-5715
        
        5.6
        
        AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
        
        The supported version that is affected is Prior to BIOS
        0.00.13ORC. Difficult to exploit vulnerability allows low
        privileged attacker with logon to the infrastructure where
        MICROS 700 Series Tablet executes to compromise MICROS 700
        Series Tablet.  While the vulnerability is in MICROS 700
        Series Tablet, attacks may significantly impact additional
        products.  Successful attacks of this vulnerability can
        result in  unauthorized access to critical data or complete
        access to all MICROS 700 Series Tablet accessible data.
        
        CVE-2017-5715
        
        5.6
        
        AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
        
        The supported version that is affected is Prior to BIOS
        0.00.13ORC. Difficult to exploit vulnerability allows low
        privileged attacker with logon to the infrastructure where
        MICROS 700 Series Tablet executes to compromise MICROS 700
        Series Tablet.  While the vulnerability is in MICROS 700
        Series Tablet, attacks may significantly impact additional
        products.  Successful attacks of this vulnerability can
        result in  unauthorized access to critical data or complete
        access to all MICROS 700 Series Tablet accessible data.
        
        CVE-2017-5715
        
        5.6
        
        AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
        
        The supported version that is affected is Prior to BIOS
        0.00.13ORC. Difficult to exploit vulnerability allows low
        privileged attacker with logon to the infrastructure where
        MICROS 700 Series Tablet executes to compromise MICROS 700
        Series Tablet.  While the vulnerability is in MICROS 700
        Series Tablet, attacks may significantly impact additional
        products.  Successful attacks of this vulnerability can
        result in  unauthorized access to critical data or complete
        access to all MICROS 700 Series Tablet accessible data.
        
        CVE-2017-5715
        
        5.6
        
        AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
        
        The supported version that is affected is Prior to BIOS
        0.00.13ORC. Difficult to exploit vulnerability allows low
        privileged attacker with logon to the infrastructure where
        MICROS 700 Series Tablet executes to compromise MICROS 700
        Series Tablet.  While the vulnerability is in MICROS 700
        Series Tablet, attacks may significantly impact additional
        products.  Successful attacks of this vulnerability can
        result in  unauthorized access to critical data or complete
        access to all MICROS 700 Series Tablet accessible data.
        
        CVE-2018-2955
        
        5.3
        
        AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
        
        The supported version that is affected is 5.5.x. Easily
        exploitable vulnerability allows unauthenticated attacker
        with network access via HTTP to compromise Oracle
        Hospitality OPERA 5 Property Services.  Successful attacks
        of this vulnerability can result in  unauthorized read
        access to a subset of Oracle Hospitality OPERA 5 Property
        Services accessible data." [2]


MITIGATION

        "Due to the threat posed by a successful attack, Oracle
        strongly recommends that customers apply CPU fixes as soon
        as possible. Until you apply the CPU fixes, it may be
        possible to reduce the risk of successful attack by blocking
        network protocols required by an attack. For attacks that
        require certain privileges or access to certain packages,
        removing the privileges or the ability to access the
        packages from users that do not need the privileges may help
        reduce the risk of successful attack. Both approaches may
        break application functionality, so Oracle strongly
        recommends that customers test changes on non-production
        systems. Neither approach should be considered a long-term
        solution as neither corrects the underlying problem." [1]


REFERENCES

        [1] Oracle Critical Patch Update Advisory - July 2018
            http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

        [2] Text Form of Oracle Critical Patch Update - July 2018 Risk Matrices
            http://www.oracle.com/technetwork/security-advisory/cpujul2018verbose-4258253.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW07WNWaOgq3Tt24GAQgQMg/+LgATmkna62J+pxbMRye01GMgoEJWYYhl
qHBqEV9Nd526o9XlwYJjFids6mBgxhDxTmK5OjLyYNxDdVD6qp6uGSzrC44E0Cqj
ngjVrVV6WsXoCvWGap9VkFpn9uhv1qczwUH0KuSyYfX+0Pm8BARms4lUiI15q+Fg
q+4W/IZUwgk1/Biy4L2U0wFfP8taxvOAXYOf5FjcE/Nh6Kekwj/+1wy+ZvslL2gi
25UCJV4RezWHxMhLA5NvowiTnr6Cta15Edvcj+Grdth3Nr2Vm/a93ehizlLwMQ0e
4oO73XhnzR0iq7XOx4F003II5213UOPkpvcZ4gyPjSUiwF4gmHr63cPUlWcMOn1B
Kr3d3OmT3JzvqYxTyINlsVvHMrvDY4Dz8Nls6ZcxX6HwScjwOFDIsJ9HXUN6I+Ck
dWi5jpr+GSuqZAN8m0QZXAANWn1kikR/fPEeSSC5KOmxHgPnAKHQaotnv66p6GWu
bhHNPefXNGNW2mgO8sCdJ6wFDt8UVmuHjWLSo8NGUmNbciBTFTfay/DaS1kkAPv4
aHARgYNXUCbeW4cNU9+YG+9Syb3kwdDJSY9qxJfNJjjWfATVXvkNrMeftal1c55k
WsjypPg6wTsJxjY2+cbgg9ZW9587ojkArhdnfXb3S2b3LXyXpaU3vY5TNAQfhbqU
0lH0FBYkDWM=
=TMV3
-----END PGP SIGNATURE-----