CVE-2020-10126

EPSS 0.03%
Veröffentlicht 21.08.2020 21:15:11
Zuletzt bearbeitet 04.11.2025 20:15:56
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ncr ≫ Aptra Xfs Version05.01.00

Ncr ≫ Selfserv Atm Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.07

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.6	0.9	6	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-305 Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://kb.cert.org/vuls/id/815655

Third Party Advisory

US Government Resource

https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_

Broken Link

https://www.kb.cert.org/vuls/id/815655

https://nvd.nist.gov/vuln/detail/CVE-2020-10126

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-10126

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-10126

EUVD