CVE Vulnerabilities

CVE-2020-10123

Improper Authentication

Published: Aug 21, 2020 | Modified: Aug 27, 2020
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Aptra_xfs Ncr * 05.01.00

Potential Mitigations

References