CVE-2020-10126
Summary
| CVE | CVE-2020-10126 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-08-21 21:15:00 UTC |
| Updated | 2021-12-20 22:32:00 UTC |
| Description | NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate software updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because, while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive. |
Risk And Classification
Problem Types: CWE-347
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Ncr | Aptra Xfs | 05.01.00 | All | All | All |
| Hardware | Ncr | Selfserv Atm | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VU#815655 - NCR SelfServ ATM BNA contains multiple vulnerabilities | MISC | kb.cert.org | Third Party Advisory, US Government Resource |
| 404 Not Found | MISC | www.ncr.com | Broken Link |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.