Lucene search

MitreVULNRICHMENT:CVE-2023-28865

HistoryAug 08, 2024 - 12:00 a.m.

CVE-2023-28865

2024-08-0800:00:00

mitre

github.com

diebold nixdorf

vynamic security suite

validation failure

directory contents

physical attack

AI Score

6.5

Confidence

Low

EPSS

Percentile

9.5%

SSVC

Exploitation

poc

Automatable

Technical Impact

total

JSON

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system’s hard disk.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dieboldnixdorf",
    "product": "vynamic_security_suite",
    "versions": [
      {
        "status": "affected",
        "version": "3.3.0",
        "versionType": "custom",
        "lessThanOrEqual": "3.3.0sr14"
      },
      {
        "status": "affected",
        "version": "3.3.0sr14",
        "lessThan": "4.0.0sr05",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "3.3.0sr14",
        "lessThan": "4.1.0.sr03",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "3.3.0sr14",
        "lessThan": "4.2.0sr02",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf

www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/