USB HID Communication Vulnerability in NCR SelfServ ATMs
CVE-2020-9063

7.6HIGH

Key Information:

Vendor

Ncr

Status
Selfserv Atm
Vendor
CVE Published:
21 August 2020

What is CVE-2020-9063?

The NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier are susceptible to security issues due to a lack of authentication and integrity protection for USB HID communications between the currency dispenser and the host system. This allows an attacker with physical access to exploit the vulnerability by injecting malicious payloads, leading to arbitrary code execution with SYSTEM privileges on the host computer. The potential for buffer overflow attacks can compromise the security of ATM operations significantly.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SelfServ ATM APTRA XFS <= 05.01.00

References

https://kb.cert.org/vuls/id/116713
x_refsource_MISC
https://www.ncr.com/content/dam/ncrcom/content-type/docum...
x_refsource_MISC
https://www.ncr.com/content/dam/ncrcom/unsorted/jackpot_a...
x_refsource_MISC

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.