PT-2024-12422 · Diebold Nixdorf · Vynamic Security Suite
Published: 2024-08-08 · Updated: 2024-08-19 · CVE-2023-33206
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 3.3.0 SR16
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 4.0.0 SR06
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 4.1.0 SR04
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 4.2.0 SR03
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 4.3.0 SR01
Description
Diebold Nixdorf Vynamic Security Suite (VSS) fails to validate symlinks during the Pre-Boot Authorization (PBA) process. A physical attacker who is able to manipulate the contents of the system's hard disk can exploit this.
Recommendations
For versions prior to 3.3.0 SR16, update to 3.3.0 SR16 or later.
For versions prior to 4.0.0 SR06, update to 4.0.0 SR06 or later.
For versions prior to 4.1.0 SR04, update to 4.1.0 SR04 or later.
For versions prior to 4.2.0 SR03, update to 4.2.0 SR03 or later.
For versions prior to 4.3.0 SR01, update to 4.3.0 SR01 or later.
Exploit
Fix
Code Injection
Related Identifiers
Affected Products
Vynamic Security Suite