Lucene search

[email protected]NVD:CVE-2023-24063

HistoryAug 08, 2024 - 6:15 p.m.

CVE-2023-24063

2024-08-0818:15:09

CWE-354

[email protected]

web.nvd.nist.gov

diebold nixdorf

vynamic security suite

vss

pre-boot authorization

pba

vulnerability

physical attacker

hard disk manipulation

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.3%

JSON

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails to validate /etc/mtab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system’s hard disk.

Affected configurations

Nvd

Node

dieboldnixdorfvynamic_security_suiteRange<3.3.0sr10

VendorProductVersionCPE
dieboldnixdorfvynamic_security_suite*cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dieboldnixdorf	vynamic_security_suite	*	cpe:2.3:a:dieboldnixdorf:vynamic_security_suite::::::::

References

media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf

www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.3%

JSON

Related for NVD:CVE-2023-24063

vulnrichment1 cvelist1 cve1