CVE-2020-10126 Explained : Impact and Mitigation

NCR SelfServ ATMs running APTRA XFS 05.01.00 have a vulnerability that allows an attacker with physical access to execute arbitrary code with SYSTEM privileges.

Understanding CVE-2020-10126

NCR SelfServ ATMs running APTRA XFS 05.01.00 are susceptible to an authentication bypass vulnerability.

What is CVE-2020-10126?

The vulnerability in NCR SelfServ ATMs running APTRA XFS 05.01.00 enables an attacker with physical access to internal ATM components to execute arbitrary code with SYSTEM privileges by exploiting the software update validation process.

The Impact of CVE-2020-10126

The vulnerability allows an attacker to restart the host computer and execute arbitrary code with SYSTEM privileges, posing a significant security risk to the ATM and potentially compromising sensitive data.

Technical Details of CVE-2020-10126

NCR SelfServ ATMs running APTRA XFS 05.01.00 are affected by an authentication bypass vulnerability.

Vulnerability Description

The vulnerability arises from the improper validation of software updates for the bunch note acceptor (BNA) in NCR SelfServ ATMs, allowing an attacker to execute arbitrary code with SYSTEM privileges.

Affected Systems and Versions

Product: SelfServ ATM
Vendor: NCR
Version: APTRA XFS 05.01.00

Exploitation Mechanism

During booting, the update process of the ATM looks for CAB archives on removable media and executes a specific file without validating the signature of the CAB archive, leading to the execution of arbitrary code.

Mitigation and Prevention

Immediate Steps to Take:

Implement physical security measures to restrict unauthorized access to ATM components.
Regularly monitor ATM activity for any suspicious behavior.

Long-Term Security Practices:

Keep ATM software up to date with the latest security patches.
Conduct regular security assessments and penetration testing on ATMs.

Patching and Updates:

Apply patches provided by NCR to address the authentication bypass vulnerability in APTRA XFS 05.01.00.