CVE-2023-24062

MEDIUM

Diebold Nixdorf VSS <4.2.0 SR01 - Info Disclosure

Title source: llm

Description

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf

Vendor Advisory

https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/

Scores

CVSS v3 6.8

EPSS 0.0041

EPSS Percentile 32.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (1)

dieboldnixdorf/vynamic_security_suite < 3.3.0sr12

Published Aug 08, 2024

Tracked Since Feb 18, 2026