Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
References
Configurations
Configuration 1 (hide)
|
History
19 Aug 2024, 19:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf - Exploit, Third Party Advisory | |
References | () https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/ - Vendor Advisory | |
CPE | cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:* | |
Summary |
|
|
CWE | CWE-345 | |
First Time |
Dieboldnixdorf
Dieboldnixdorf vynamic Security Suite |
08 Aug 2024, 20:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-353 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.6 |
08 Aug 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-08 18:15
Updated : 2024-08-19 19:04
NVD link : CVE-2023-28865
Mitre link : CVE-2023-28865
CVE.ORG link : CVE-2023-28865
JSON object : View
Products Affected
dieboldnixdorf
- vynamic_security_suite