CVE-2020-10124
Summary
| CVE | CVE-2020-10124 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-08-21 21:15:00 UTC |
| Updated | 2021-12-20 22:32:00 UTC |
| Description | NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery. |
Risk And Classification
Problem Types: CWE-319
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Ncr | Aptra Xfs | 05.01.00 | All | All | All |
| Operating System | Ncr | Aptra Xfs | 05.01.00 | All | All | All |
| Hardware | Ncr | Selfserv Atm | - | All | All | All |
| Hardware | Ncr | Selfserv Atm | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VU#815655 - NCR SelfServ ATM BNA contains multiple vulnerabilities | MISC | kb.cert.org | Third Party Advisory, US Government Resource |
| 404 Not Found | MISC | www.ncr.com | Broken Link |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.