CVE-2023-28865
EUVD-2023-3248608.08.2024, 18:15
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| dieboldnixdorf | vynamic_security_suite | 𝑥 < 3.3.0sr15 |
| dieboldnixdorf | vynamic_security_suite | 4.0.0 ≤ 𝑥 < 4.0.0sr05 |
| dieboldnixdorf | vynamic_security_suite | 4.1.0 ≤ 𝑥 < 4.1.0sr03 |
| dieboldnixdorf | vynamic_security_suite | 4.2.0 ≤ 𝑥 < 4.2.0sr02 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| dieboldnixdorf | vynamic_security_suite | 3.3.0 ≤ 𝑥 ≤ 3.3.0sr14 | ADP |
| dieboldnixdorf | vynamic_security_suite | 3.3.0sr14 ≤ 𝑥 < 4.0.0sr05 | ADP |
| dieboldnixdorf | vynamic_security_suite | 3.3.0sr14 ≤ 𝑥 < 4.1.0.sr03 | ADP |
| dieboldnixdorf | vynamic_security_suite | 3.3.0sr14 ≤ 𝑥 < 4.2.0sr02 | ADP |
Common Weakness Enumeration
- CWE-345 - Insufficient Verification of Data AuthenticityThe software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
- CWE-353 - Missing Support for Integrity CheckThe software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.