MEDIUM🇵🇱 Wersja polska

CVE-2023-28865

CVSS 6.6v3.1pub. 2024-08-08upd. 2024-08-19

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.

CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Dieboldnixdorf Vynamic Security Suite

    APP
    Dieboldnixdorf
    < 3.3.0sr154.0.0 – 4.0.0sr05 (bez)4.1.0 – 4.1.0sr03 (bez)4.2.0 – 4.2.0sr02 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-46916HIGH8.1ten sam produkt

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of cr...

CVE-2024-46917HIGH8.1ten sam produkt

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of...

CVE-2023-24064MEDIUM6.8ten sam produkt

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boo...

CVE-2023-24062MEDIUM6.8ten sam produkt

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails t...

CVE-2023-40261MEDIUM6.8ten sam produkt

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 ...