Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistCertccCVELIST:CVE-2020-10125
HistoryAug 20, 2020 - 12:00 a.m.

CVE-2020-10125

2020-08-2000:00:00
CWE-326
certcc
www.cve.org

0.001 Low

EPSS

Percentile

45.7%

JSON

NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code.

CNA Affected

[
  {
    "product": "SelfServ ATM",
    "vendor": "NCR",
    "versions": [
      {
        "status": "affected",
        "version": "APTRA XFS  04.02.01"
      },
      {
        "status": "affected",
        "version": "APTRA XFS  05.01.00"
      }
    ]
  }
]

Related

prion 1
nvd 1
cve 1
cert 1
prion
prion
Authentication flaw
2020-08-21 21:15:00
nvd
nvd
CVE-2020-10125
2020-08-21 21:15:11
cve
cve
CVE-2020-10125
2020-08-21 21:15:11
cert
cert
NCR SelfServ ATM BNA contains multiple vulnerabilities
2020-08-20 00:00:00

0.001 Low

EPSS

Percentile

45.7%

JSON
Related for CVELIST:CVE-2020-10125
prion1nvd1cve1cert1