CVE-2020-10126
First published: Thu Aug 20 2020(Updated: )
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| XFS ACL | =05.01.00 | |
| NCR SelfServ ATM |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-10126?
CVE-2020-10126 has a high severity rating due to its potential for arbitrary code execution with SYSTEM privileges.
How do I fix CVE-2020-10126?
To fix CVE-2020-10126, ensure that your NCR SelfServ ATMs running APTRA XFS 05.01.00 have the latest security updates and patches applied.
Who is affected by CVE-2020-10126?
NCR SelfServ ATMs that are running APTRA XFS version 05.01.00 are affected by CVE-2020-10126.
What type of access is required to exploit CVE-2020-10126?
Exploitation of CVE-2020-10126 requires physical access to the ATM's internal components.
What can an attacker do if they exploit CVE-2020-10126?
If exploited, an attacker can restart the host computer and execute arbitrary code, potentially compromising the ATM system.
- agent/weakness
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ncr
- canonical/xfs acl
- version/xfs acl/05.01.00
- canonical/ncr selfserv atm