QwikSec

Security Database

CVE

CWE

Training

CVE-2020-10123

Published: Aug 21, 2020

Modified: Nov 4, 2025

PUBLISHED

Description

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows.

Vendor	Product	Versions
NCR	SelfServ ATM	affected `APTRA XFS - <= 05.01.00`

Weaknesses (CWE)

References

https://kb.cert.org/vuls/id/116713

x_refsource_MISC

https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-10-S1_and_S2_Critical_Update.pdf

x_refsource_MISC

https://www.ncr.com/content/dam/ncrcom/unsorted/jackpot_attacks_in_the_us_-_january_2018.pdf

x_refsource_MISC

https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Security_Alert-2018-13_APTRA_XFS_v5.pdf

x_refsource_MISC

https://www.ncr.com/content/dam/ncrcom/content-type/documents/NCR_Secure_white_paper-Dispenser_Security_Solution_September_2018.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.