CVE-2020-10124

low-risk
Published 2020-08-21

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery.

Do I need to act?

~
2.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10 High
PHYSICAL / HIGH complexity

Affected Products (1)

Aptra Xfs

Affected Vendors

Ncr

References (5)

Third Party Advisory https://kb.cert.org/vuls/id/815655
Broken Link https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert...
Third Party Advisory https://kb.cert.org/vuls/id/815655
https://www.kb.cert.org/vuls/id/815655
Broken Link https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert...
29
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal