Lucene search

MitreCVE-2023-24063

HistoryAug 08, 2024 - 6:15 p.m.

CVE-2023-24063

2024-08-0818:15:09

CWE-354

mitre

web.nvd.nist.gov

diebold nixdorf

vynamic security suite

pre-boot authorization

physical attacker

hard disk manipulation.

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

22.3%

JSON

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails to validate /etc/mtab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system’s hard disk.

Affected configurations

Nvd

Node

dieboldnixdorfvynamic_security_suiteRange<3.3.0sr10

VendorProductVersionCPE
dieboldnixdorfvynamic_security_suite*cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dieboldnixdorf	vynamic_security_suite	*	cpe:2.3:a:dieboldnixdorf:vynamic_security_suite::::::::

References

media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf

www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

22.3%

JSON

Related for CVE-2023-24063