CVE-2023-28865
Last modified
CVE-2023-28865 is a medium-severity vulnerability rated 6.6/10 on the CVSS scale. Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
Metrics
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dieboldnixdorf | Vynamic Security Suite | < 3.3.0sr15 |
| Dieboldnixdorf | Vynamic Security Suite | >= 4.0.0, < 4.0.0sr05 |
| Dieboldnixdorf | Vynamic Security Suite | >= 4.1.0, < 4.1.0sr03 |
| Dieboldnixdorf | Vynamic Security Suite | >= 4.2.0, < 4.2.0sr02 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2023-28865?
How severe is CVE-2023-28865?
How do I fix CVE-2023-28865?
Are you affected by CVE-2023-28865?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST