CVE-2024-46916

EUVD-2024-54934
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
dieboldnixdorfvynamic_security_suite
𝑥
≤ 4.3.0sr06
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/emptynebuli
https://www.atredis.com/blog/2025/8/26/24nrgne4dqbwjxyip7txn8ep6zj057
https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/