20 matches found
EUVD-2020-29892
Malware in sbrugna...
EUVD-2020-2588
Malware in sbrugna...
EUVD-2020-2589
Malware in sbrugna...
CVE-2020-10126
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor BNA, enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the...
CVE-2020-10124
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the...
CVE-2020-10123
The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating...
CVE-2020-10125
NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor BNA software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files...
Buffer overflow
NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and...
Code injection
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor BNA, enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the...
Authentication flaw
NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor BNA software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files...
CVE-2020-9063
NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and...
CVE-2020-9063
Summary of CVE-2020-9063: NCR SelfServ ATMs with APTRA XFS 05.01.00 or older have USB HID communications between the currency dispenser and the host that are not authenticated or protected for integrity, allowing a physically proximate attacker to cause a host buffer overflow, inject a payload, a...
CVE-2020-10126
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor BNA, enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the...
CVE-2020-10125
CVE-2020-10125 affects NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 . The issue is that these versions implement 512-bit RSA certificates to validate BNA software updates. An attacker with physical access can exploit the weak key strength to sign arbitrary files and CAB archives used...
CVE-2020-10125
NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor BNA software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files...
CVE-2020-10126
CVE-2020-10126 concerns NCR SelfServ ATMs running APTRA XFS 05.01.00 . The issue is that the update process during boot does not validate the signature of CAB archives on removable media, causing arbitrary code execution with SYSTEM privileges when updating the BNA (bunch note acceptor). An attac...
CVE-2020-10124
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the...
CVE-2020-10124
CVE-2020-10124 affects NCR SelfServ ATMs running APTRA XFS 05.01.00. The vulnerability is due to the BNA–host communications not being encrypted, authenticated, or integrity-checked, enabling a physically proximate attacker to potentially execute arbitrary code and commit deposit forgery. The doc...
NCR SelfServ ATM BNA contains multiple vulnerabilities
Overview NCR SelfServ automated teller machines ATMs running APTRA XFS 04.02.01 and 05.01.00 are vulnerable to physical attacks on the communications bus between the host computer and the bunch note accepter BNA. Description NCR ATM SelfServ devices running APTRA XFS 04.02.01 and 05.01.00 contain...
NCR SelfServ ATM dispenser software contains multiple vulnerabilities
Overview NCR SelfServ automated teller machines ATMs running APTRA XFS 05.01.00 or older are vulnerable to physical attacks on the communications bus between the currency dispenser component and the host computer. Description NCR SelfServ ATMs running APTRA XFS 05.01.00 or older contain...