News

In Diebold Nixdorf ATMs detected RCE-vulnerability

On Monday, June 10, 2019, one of the world’s largest ATM manufacturers Diebold Nixdorf began to warn its customers about vulnerabilities in Opteva ATMs. The bug allows remotely execute an arbitrary code.

NightSt0rm, a group of Vietnamese experts, published information about this vulnerability last week. According to the researchers, they were able to find an external OS service in old Opteva ATMs, which can be used to place a reverse shell on vulnerable machines and then intercept control over them.

“The potential problem is with the Agilis XFS service using .NET Remoting via the“ outward-looking ”HTTP channel”, – explained Diebold Nixdorf in an official statement. The company reports that the problem affects only Opteva 4.x and does not apply to newer versions.

The developer released a fixed Agilis XFS variation for OptevaBulkCashRec (BCRM) version 4.1.22, which closes “looking out” HTTP hole. In addition, it is reported that from a potential attack, you can protect yourself by using a simple firewall setting, which even old Opteva ATMs are equipped with.

The company explains that the NightSt0rm researchers deliberately turned off the firewall during their tests, and without this the attack on the vulnerability will not succeed. Moreover, according to Diebold Nixdorf, attackers never tried to exploit the vulnerability.

Read also: 57% of mail-servers have critical vulnerability

Inconsistency in question of disclosure data on hugs, apparently, was due to usual error. So, NightSt0rm experts assured that they were unable to contact representatives of Diebold Nixdorf and therefore disclosed information about the problem publicly.

“Unfortunately, they initially contacted us through the“ Contact us ”form on our website. Through it, hundreds of applications are sent to us every month with very common statements about vulnerabilities in one of our ATMs”, – explains Diebold Nixdorf.

The company assured that they did ignore the researchers, and now the connection with the NightSt0rm team has already been established.

Source: https://scribd.com

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Himalayaview.top Pop-up Ads

About Himalayaview.top Himalayaview.top pop-ups can not launch out of the blue. If you have actually…

8 hours ago

Remove Youdilgad.top Pop-up Ads

About Youdilgad.top Youdilgad.top pop-ups can not expose out of the blue. If you have clicked…

8 hours ago

Remove Alkads.com Pop-up Ads

About Alkads.com Alkads.com pop-ups can not launch out of the blue. If you have clicked…

8 hours ago

Remove Bigamirt.xyz Pop-up Ads

About Bigamirt.xyz Bigamirt.xyz pop-ups can not launch out of nowhere. If you have clicked some…

8 hours ago

Remove Micorban.xyz Pop-up Ads

About Micorban.xyz Micorban.xyz pop-ups can not open out of the blue. If you have actually…

9 hours ago

Remove Msdefender.co.in Pop-up Ads

About Msdefender.co.in Msdefender.co.in pop-ups can not expose out of the blue. If you have actually…

2 days ago