CVE-2023-40261

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*

History

19 Aug 2024, 19:03

Type Values Removed Values Added
First Time Dieboldnixdorf
Dieboldnixdorf vynamic Security Suite
CPE cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 4.6
v2 : unknown
v3 : 6.8
References () https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf - () https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf - Exploit, Third Party Advisory
References () https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/ - () https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/ - Vendor Advisory
CWE CWE-665

14 Aug 2024, 16:15

Type Values Removed Values Added
Summary (en) Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR03 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk. (en) Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.

09 Aug 2024, 16:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.6
Summary
  • (es) Diebold Nixdorf Vynamic Security Suite (VSS) anterior a 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04 y 4.3.0 SR03 no puede validar los atributos del archivo durante el proceso Pre-Boot Authorization (PBA). Esto puede ser aprovechado por un atacante físico que pueda manipular el contenido del disco duro del sistema.

08 Aug 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 18:15

Updated : 2024-08-19 19:03


NVD link : CVE-2023-40261

Mitre link : CVE-2023-40261

CVE.ORG link : CVE-2023-40261


JSON object : View

Products Affected

dieboldnixdorf

  • vynamic_security_suite
CWE
CWE-665

Improper Initialization