NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: certcc
Published: 2020-08-21T20:30:40.398640Z
Updated: 2024-09-16T17:54:07.946Z
Reserved: 2020-03-05T00:00:00
Link: CVE-2020-10125
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-08-21T21:15:11.497
Modified: 2024-11-21T04:54:52.277
Link: CVE-2020-10125
Redhat
No data.