CVE-2020-10124

Sažetak

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery.

Reference

https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_
https://kb.cert.org/vuls/id/815655

CVSS

Base:	4.4
Impact:	6.4
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-12-2021 - 22:32

Objavljeno

21-08-2020 - 21:15