Overview
Diebold Nixdorf 2100xe USB automated teller machines (ATMs) are vulnerable to physical attacks on the communication channel between the cash and check deposit module (CCDM) and the host computer. An attacker with physical access to internal ATM components may be able to exploit this vulnerability to commit deposit forgery.
Description
Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer. An attacker with physical access to internal ATM components can intercept and modify messages, such as the amount and value of currency being deposited, and send modified messages to the host computer.
A similar vulnerability identified as CVE-2020-10124 is decribed in VU#815655. CVE-2020-10124 affects the bunch note acceptor (BNA) in ATMs supplied by a different vendor. The BNA is functionally similar to the CCDM.
Impact
By modifying deposit transaction messages, an attacker may be able to commit deposit forgery. Such an attack requires two separate transactions. The attacker must first deposit actual currency and modify messages from the CCDM to the host computer to indicate a greater amount or value than was actually deposited. Then the attacker must make a withdrawal for an artificially increased amount or value of currency. This second transaction may need to occur at an ATM operated by a different financial institution (i.e., a not-on-us or OFF-US transaction).
Solution
Obtain advice from vendor
Diebold Nixdorf released a document titled "Potential CCDM Deposit Forgery" on February 27, 2020 that details the recommended procedures for addressing this vulnerability. Contact the ..
Support the originator by clicking the read the rest link below.
