Lucene search

MitreVULNRICHMENT:CVE-2023-40261

HistoryAug 08, 2024 - 12:00 a.m.

CVE-2023-40261

2024-08-0800:00:00

mitre

github.com

diebold nixdorf

vynamic security suite

file attribute validation

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

22.3%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system’s hard disk.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*"
    ],
    "vendor": "dieboldnixdorf",
    "product": "vynamic_security_suite",
    "versions": [
      {
        "status": "affected",
        "version": "3.3.0",
        "versionType": "custom",
        "lessThanOrEqual": "3.3.0sr16"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf

www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/