CVE-2023-28865

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*

History

19 Aug 2024, 19:04

Type Values Removed Values Added
References () https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf - () https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf - Exploit, Third Party Advisory
References () https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/ - () https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/ - Vendor Advisory
CPE cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*
Summary
  • (es) Diebold Nixdorf Vynamic Security Suite (VSS) anterior a 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03 y 4.2.0 SR02 no puede validar el contenido del directorio de ciertos directorios (por ejemplo, garantizar la suma hash esperada) durante la fase Pre-Boot Authorization (PBA). Esto puede ser aprovechado por un atacante físico que pueda manipular el contenido del disco duro del sistema.
CWE CWE-345
First Time Dieboldnixdorf
Dieboldnixdorf vynamic Security Suite

08 Aug 2024, 20:35

Type Values Removed Values Added
CWE CWE-353
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.6

08 Aug 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 18:15

Updated : 2024-08-19 19:04


NVD link : CVE-2023-28865

Mitre link : CVE-2023-28865

CVE.ORG link : CVE-2023-28865


JSON object : View

Products Affected

dieboldnixdorf

  • vynamic_security_suite
CWE
CWE-345

Insufficient Verification of Data Authenticity

CWE-353

Missing Support for Integrity Check