Lucene search

MitreVULNRICHMENT:CVE-2023-33206

HistoryAug 08, 2024 - 12:00 a.m.

CVE-2023-33206

2024-08-0800:00:00

mitre

github.com

diebold nixdorf vynamic security suite

symlink validation

pre-boot authorization

physical attacker

hard disk manipulation

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

17.9%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system’s hard disk.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dieboldnixdorf",
    "product": "vynamic_security_suite",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.3.0 SR16",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.0.0 SR06",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.1.0 SR04",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.2.0 SR03",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.3.0 SR01",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf

www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/