CVE-2020-10124 Information

Description

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt authenticate or verify the integrity of messages between the BNA and the host computer which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code including code that enables the attacker to commit deposit forgery.

CVSS Vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Reference

https://kb.cert.org/vuls/id/815655 https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.1