Lucene search

[email protected]NVD:CVE-2023-24064

HistoryAug 08, 2024 - 6:15 p.m.

CVE-2023-24064

2024-08-0818:15:09

[email protected]

web.nvd.nist.gov

diebold nixdorf

vynamic security suite

validation

pre-boot authorization

physical attacker

system's hard disk

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.3%

JSON

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system’s hard disk.

Affected configurations

Nvd

Node

dieboldnixdorfvynamic_security_suiteRange<3.3.0sr4

VendorProductVersionCPE
dieboldnixdorfvynamic_security_suite*cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dieboldnixdorf	vynamic_security_suite	*	cpe:2.3:a:dieboldnixdorf:vynamic_security_suite::::::::

References

media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf

www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.3%

JSON

Related for NVD:CVE-2023-24064

vulnrichment1 cvelist1 cve1