PT-2024-12021 · Diebold Nixdorf · Vynamic Security Suite
Published
2024-08-08
·
Updated
2024-08-19
·
CVE-2023-24062
CVSS v3.1
6.8
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 3.3.0 SR12
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 4.0.0 SR04
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 4.1.0 SR02
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 4.2.0 SR01
Description
The issue arises from a failure to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who manipulates the system's hard disk contents.
Recommendations
For versions prior to 3.3.0 SR12, update to version 3.3.0 SR12 or later.
For versions prior to 4.0.0 SR04, update to version 4.0.0 SR04 or later.
For versions prior to 4.1.0 SR02, update to version 4.1.0 SR02 or later.
For versions prior to 4.2.0 SR01, update to version 4.2.0 SR01 or later.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vynamic Security Suite