Message Integrity Issue in NCR SelfServ ATMs Using APTRA XFS
CVE-2020-10124

7.1HIGH

Key Information:

Vendor: Ncr
Status: Selfserv Atm
Vendor: CVE Published:; 21 August 2020

What is CVE-2020-10124?

The NCR SelfServ ATMs operating with APTRA XFS 05.01.00 exhibit a critical weakness in their message handling process. The lack of encryption, authentication, and integrity verification for communications between the BNA and the host system exposes the ATM to potential exploitation. An attacker with physical access to the ATM's internal components may execute arbitrary code, creating avenues for malicious activities, including deposit forgery. This vulnerability highlights the need for stringent security measures and regular updates to ensure ATM integrity and customer safety.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SelfServ ATM APTRA XFS 05.01.00

References

https://kb.cert.org/vuls/id/815655

x_refsource_MISC

https://www.ncr.com/content/dam/ncrcom/content-type/docum...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 21, 2020
Vulnerability Reserved
Mar 5, 2020

JSON

Ncr

What is CVE-2020-10124?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.