Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ptsecurityPositive TechnologiesPT-2021-01
HistoryApr 07, 2024 - 12:00 a.m.

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

2024-04-0700:00:00
Positive Technologies
www.ptsecurity.com
317
vulnerability
diebold-nixdorf
firmware
update
encryption bypass
cmdv5
usb port
vendor notification
cve-2018-9099
JSON

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM)

Severity:

Severity level: High
Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5
Access Vector: Local

CVSS v3.0
Base Score: 6,8
Vector: (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2018-9099

Vulnerability description:

With access to the dispenser controller USB port, an attacker can install an outdated or modified firmware version (with malicious content) to bypass the encryption and withdraw cash.

Advisory status:

07.2018 - Vendor notification date

Credits:

The vulnerability was discovered by Vladimir Kononovich, Alexey Stennikov (independent researcher)

JSON