How severe is CVE-2020-10125?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.6 out of 10.

What type of vulnerability is CVE-2020-10125?

This is classified as CWE-326, which is a common weakness in software security.

CVE-2020-10125

HIGH Year: 2020

CVSS v3 Score

7.6

High

CVSS v2 Score

4.6

Medium

Weakness Type

CWE-326

View all →

Vulnerability Description

NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code.

CVE-2002-1697

HIGH

CVSS:7.5(High)

Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain se...

CWE-3262002

CVE-2002-1872

HIGH

CVSS:7.5(High)

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.

CWE-3262002

CVE-2002-1910

HIGH

CVSS:7.5(High)

Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords.

CWE-3262002

CVE-2004-2172

HIGH

CVSS:7.5(High)

EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.

CWE-3262004