CVE-2020-10123
N/A
N/A
Summary
The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NCR | SelfServ ATM | APTRA XFS <= 05.01.00 | affected |
Weaknesses
- CWE-305: CWE-305 Authentication Bypass by Primary Weakness
ADP Enrichment
CVE Program Container
Additional References
- https://kb.cert.org/vuls/id/116713
- https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-10-S1_and_S2_Critical_Update.pdf
- https://www.ncr.com/content/dam/ncrcom/unsorted/jackpot_attacks_in_the_us_-_january_2018.pdf
- https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_v5.pdf
- https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Secure_white_paper-Dispenser_Security_Solution_September_2018.pdf
- https://www.kb.cert.org/vuls/id/116713
References
- https://kb.cert.org/vuls/id/116713
- https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-10-S1_and_S2_Critical_Update.pdf
- https://www.ncr.com/content/dam/ncrcom/unsorted/jackpot_attacks_in_the_us_-_january_2018.pdf
- https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_v5.pdf
- https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Secure_white_paper-Dispenser_Security_Solution_September_2018.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.