CVE-2023-33206
Last modified
CVE-2023-33206 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.. EPSS estimates a 0.28% chance of exploitation in the next 30 days.
Description
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dieboldnixdorf | Vynamic Security Suite | < 3.3.0sr16 |
| Dieboldnixdorf | Vynamic Security Suite | >= 4.0.0, < 4.0.0sr06 |
| Dieboldnixdorf | Vynamic Security Suite | >= 4.1.0, < 4.1.0sr04 |
| Dieboldnixdorf | Vynamic Security Suite | >= 4.2.0, < 4.2.0sr03 |
| Dieboldnixdorf | Vynamic Security Suite | >= 4.3.0, < 4.3.0sr01 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2023-33206?
How severe is CVE-2023-33206?
How do I fix CVE-2023-33206?
Are you affected by CVE-2023-33206?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST