PT-2020-20466 · Ncr · Aptra Xfs
Published
2020-08-21
·
Updated
2025-11-04
·
CVE-2020-9063
CVSS v3.1
7.6
High
| Vector | AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NCR SelfServ ATMs running APTRA XFS versions 05.01.00 and earlier
Description
The issue concerns a lack of authentication and integrity protection in USB HID communications between the currency dispenser and the host computer. This allows an attacker with physical access to internal ATM components to inject malicious payloads and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow.
Recommendations
For APTRA XFS versions 05.01.00 and earlier, consider restricting physical access to internal ATM components to minimize the risk of exploitation. As a temporary workaround, restrict access to the USB HID interface until a patch is available.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aptra Xfs