PT-2020-11946 · Ncr · Aptra Xfs +1

Dmitry Turchenkov +1 · Published 2020-08-21 · Updated 2025-11-04 · CVE-2020-10124

CVSS v3.1: 7.1 High

Vector: AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NCR SelfServ ATMs version APTRA XFS 05.01.00

Description

The issue concerns a lack of encryption, authentication, and integrity verification of messages between the BNA and the host computer. This could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery.

Recommendations

For NCR SelfServ ATMs version APTRA XFS 05.01.00, consider implementing encryption, authentication, and integrity verification of messages between the BNA and the host computer to prevent arbitrary code execution. As a temporary workaround, restrict physical access to the internal components of the ATM to minimize the risk of exploitation.

Fix

Weakness Enumeration

Missing Encryption of Sensitive Data

Missing Authentication

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2020-10124

Affected Products

Aptra Xfs
Ncr Selfserv Atms