Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2020-9063 | First vendor Publication | 2020-08-21 |
| Vendor | Cve | Last vendor Modification | 2020-08-27 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7.6 | ||
| Base Score | 7.6 | Environmental Score | 7.6 |
| impact SubScore | 6 | Temporal Score | 7.6 |
| Exploitabality Sub Score | 0.9 | ||
| Attack Vector | Physical | Attack Complexity | Low |
| Privileges Required | None | User Interaction | None |
| Scope | Changed | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow on the host. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9063 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 2 |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2020-09-02 17:23:20 |
|
