{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T18:11:14.337","vulnerabilities":[{"cve":{"id":"CVE-2020-10123","sourceIdentifier":"cret@cert.org","published":"2020-08-21T21:15:11.370","lastModified":"2025-11-04T20:15:52.473","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows."},{"lang":"es","value":"El dispensador de moneda de los Cajeros Automáticos NCR SelfSev que ejecutan APTRA XFS versiones 05.01.00 o anteriores, no autentica adecuadamente las peticiones de generación de claves de sesión desde el computador host, permitiendo a un atacante con acceso físico a los componentes internos del Cajero Automático emitir comandos válidos para dispensar moneda al generar una nueva clave de sesión  que el atacante conoce."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cret@cert.org","type":"Secondary","description":[{"lang":"en","value":"CWE-305"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ncr:aptra_xfs:*:*:*:*:*:*:*:*","versionEndIncluding":"05.01.00","matchCriteriaId":"EEEBE53E-F7F4-4AF1-B69A-F49A77C55419"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ncr:selfserv_atm:-:*:*:*:*:*:*:*","matchCriteriaId":"B95CF58A-28C7-4C1E-8B83-7BF0D515FF34"}]}]}],"references":[{"url":"https://kb.cert.org/vuls/id/116713","source":"cret@cert.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Secure_white_paper-Dispenser_Security_Solution_September_2018.pdf","source":"cret@cert.org","tags":["Exploit","Vendor Advisory"]},{"url":"https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-10-S1_and_S2_Critical_Update.pdf","source":"cret@cert.org","tags":["Vendor Advisory"]},{"url":"https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_v5.pdf","source":"cret@cert.org","tags":["Vendor Advisory"]},{"url":"https://www.ncr.com/content/dam/ncrcom/unsorted/jackpot_attacks_in_the_us_-_january_2018.pdf","source":"cret@cert.org","tags":["Vendor Advisory"]},{"url":"https://kb.cert.org/vuls/id/116713","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.kb.cert.org/vuls/id/116713","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Secure_white_paper-Dispenser_Security_Solution_September_2018.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-10-S1_and_S2_Critical_Update.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_v5.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.ncr.com/content/dam/ncrcom/unsorted/jackpot_attacks_in_the_us_-_january_2018.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}