PT-2024-12179 · Diebold Nixdorf · Vynamic Security Suite
Published
2024-08-08
·
Updated
2024-08-19
·
CVE-2023-28865
CVSS v3.1
6.6
Medium
| Vector | AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 3.3.0 SR15
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 4.0.0 SR05
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 4.1.0 SR03
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 4.2.0 SR02
Description
The issue is related to the failure of the Vynamic Security Suite to validate the directory contents of certain directories during the Pre-Boot Authorization process. This can be exploited by a physical attacker who manipulates the system's hard disk contents.
Recommendations
For versions prior to 3.3.0 SR15, update to version 3.3.0 SR15 or later.
For versions prior to 4.0.0 SR05, update to version 4.0.0 SR05 or later.
For versions prior to 4.1.0 SR03, update to version 4.1.0 SR03 or later.
For versions prior to 4.2.0 SR02, update to version 4.2.0 SR02 or later.
Exploit
Fix
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Vynamic Security Suite