CVE-2020-10124
First published: Fri Aug 21 2020(Updated: )
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| XFS ACL | =05.01.00 | |
| NCR SelfServ ATM |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-10124?
CVE-2020-10124 is classified as a critical vulnerability due to its potential for arbitrary code execution by an attacker with physical access to the ATM.
How do I fix CVE-2020-10124?
To mitigate CVE-2020-10124, upgrade the NCR APTRA XFS software to a version that incorporates message encryption and authentication.
What systems are affected by CVE-2020-10124?
CVE-2020-10124 affects NCR SelfServ ATMs running APTRA XFS version 05.01.00.
Can CVE-2020-10124 be exploited remotely?
CVE-2020-10124 requires physical access to the ATM for exploitation, making remote attacks unlikely.
What are the potential impacts of CVE-2020-10124?
Exploitation of CVE-2020-10124 may enable attackers to execute arbitrary code on the ATM, potentially leading to unauthorized access and financial theft.
- agent/references
- agent/weakness
- agent/type
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ncr
- canonical/xfs acl
- version/xfs acl/05.01.00
- canonical/ncr selfserv atm