PT-2024-12871 · Diebold Nixdorf · Vynamic Security Suite
Published
2024-08-08
·
Updated
2024-08-19
·
CVE-2023-40261
CVSS v3.1
6.8
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 3.3.0 SR17
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 4.0.0 SR07
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 4.1.0 SR04
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 4.2.0 SR04
Diebold Nixdorf Vynamic Security Suite (VSS) versions prior to 4.3.0 SR03
Description
The issue is related to the failure of the Vynamic Security Suite to validate file attributes during the Pre-Boot Authorization process. This can be exploited by a physical attacker who can manipulate the system's hard disk contents.
Recommendations
For versions prior to 3.3.0 SR17, update to version 3.3.0 SR17 or later.
For versions prior to 4.0.0 SR07, update to version 4.0.0 SR07 or later.
For versions prior to 4.1.0 SR04, update to version 4.1.0 SR04 or later.
For versions prior to 4.2.0 SR04, update to version 4.2.0 SR04 or later.
For versions prior to 4.3.0 SR03, update to version 4.3.0 SR03 or later.
Exploit
Fix
Improper Initialization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vynamic Security Suite