CVE-2020-9063 Vulnerability Details

CVE-2020-9063 Metadata Quick Info

CVE Published: 21/08/2020 | CVE Updated: 16/09/2024 | CVE Year: 2020
Source: certcc | Vendor: NCR | Product: SelfServ ATM
Status: PUBLISHED

CVE-2020-9063 Description

NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer. This allows an attacker with physical access to internal ATM components to inject a malicious payload and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow on the host.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-120
CWE Name: CWE-120 Buffer Overflow
Source: NCR

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: