Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

13 matches found

OSV
OSVadded 2020/08/21 9:15 p.m.1 views

CVE-2020-9063

NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and...

7.6CVSS7.7AI score
Exploits0References6
NVD
NVDadded 2020/08/21 9:15 p.m.11 views

CVE-2020-10124

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the...

7.1CVSS7.1AI score0.0257EPSS
Exploits0References3
NVD
NVDadded 2020/08/21 9:15 p.m.9 views

CVE-2020-10126

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor BNA, enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the...

7.6CVSS7.7AI score0.00029EPSS
Exploits0References3
OSV
OSVadded 2020/08/21 9:15 p.m.1 views

CVE-2020-10123

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating...

5.3CVSS6.1AI score0.00104EPSS
Exploits1References6
Prion
Prionadded 2020/08/21 9:15 p.m.18 views

Buffer overflow

NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and...

7.2CVSS7.8AI score0.00221EPSS
Exploits1References5Affected Software1
Prion
Prionadded 2020/08/21 9:15 p.m.16 views

Design/Logic Flaw

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating...

2.1CVSS5.8AI score0.00104EPSS
Exploits1References5Affected Software1
CVE
CVEadded 2020/08/21 8:30 p.m.70 views

CVE-2020-9063

Summary of CVE-2020-9063: NCR SelfServ ATMs with APTRA XFS 05.01.00 or older have USB HID communications between the currency dispenser and the host that are not authenticated or protected for integrity, allowing a physically proximate attacker to cause a host buffer overflow, inject a payload, a...

7.6CVSS7.8AI score0.00221EPSS
Exploits1References6Affected Software1
CVE
CVEadded 2020/08/21 8:30 p.m.69 views

CVE-2020-10125

CVE-2020-10125 affects NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 . The issue is that these versions implement 512-bit RSA certificates to validate BNA software updates. An attacker with physical access can exploit the weak key strength to sign arbitrary files and CAB archives used...

7.6CVSS7.6AI score0.00024EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2020/08/21 8:30 p.m.79 views

CVE-2020-10126

CVE-2020-10126 concerns NCR SelfServ ATMs running APTRA XFS 05.01.00 . The issue is that the update process during boot does not validate the signature of CAB archives on removable media, causing arbitrary code execution with SYSTEM privileges when updating the BNA (bunch note acceptor). An attac...

7.6CVSS7.7AI score0.00029EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2020/08/21 8:30 p.m.11 views

CVE-2020-10123

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating...

5.9AI score0.00104EPSS
Exploits1References5
CVE
CVEadded 2020/08/21 8:30 p.m.75 views

CVE-2020-10124

CVE-2020-10124 affects NCR SelfServ ATMs running APTRA XFS 05.01.00. The vulnerability is due to the BNA–host communications not being encrypted, authenticated, or integrity-checked, enabling a physically proximate attacker to potentially execute arbitrary code and commit deposit forgery. The doc...

7.1CVSS7.1AI score0.0257EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2020/08/21 8:30 p.m.11 views

CVE-2020-10124

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the...

7.2AI score0.0257EPSS
Exploits0References2
CERT
CERTadded 2020/08/20 12:0 a.m.51 views

NCR SelfServ ATM dispenser software contains multiple vulnerabilities

Overview NCR SelfServ automated teller machines ATMs running APTRA XFS 05.01.00 or older are vulnerable to physical attacks on the communications bus between the currency dispenser component and the host computer. Description NCR SelfServ ATMs running APTRA XFS 05.01.00 or older contain...

7.6CVSS7.1AI score0.00221EPSS
Exploits2References7
Rows per page
Query Builder