What the vulnerability does

01Description

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery.

Key dates

02Disclosure timeline

August 21, 2020 CVE published
November 4, 2025 Record updated