MEDIUM🇬🇧 English

CVE-2023-28865

CVSS 6.6v3.1pub. 2024-08-08upd. 2024-08-19

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.

oryginał EN
CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Dieboldnixdorf Vynamic Security Suite

    APP
    Dieboldnixdorf
    < 3.3.0sr154.0.0 – 4.0.0sr05 (bez)4.1.0 – 4.1.0sr03 (bez)4.2.0 – 4.2.0sr02 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-46916HIGH8.1ten sam produkt

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of cr...

CVE-2024-46917HIGH8.1ten sam produkt

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of...

CVE-2023-24064MEDIUM6.8ten sam produkt

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boo...

CVE-2023-24062MEDIUM6.8ten sam produkt

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails t...

CVE-2023-40261MEDIUM6.8ten sam produkt

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 ...