CVE-2023-40261
Last modified
CVE-2023-40261 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dieboldnixdorf | Vynamic Security Suite | < 3.3.0sr17 |
| Dieboldnixdorf | Vynamic Security Suite | >= 4.0.0, < 4.0.0sr07 |
| Dieboldnixdorf | Vynamic Security Suite | >= 4.1.0, < 4.1.0sr04 |
| Dieboldnixdorf | Vynamic Security Suite | >= 4.2.0, < 4.2.0sr04 |
| Dieboldnixdorf | Vynamic Security Suite | >= 4.3.0, < 4.3.0sr03 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-40261?
How severe is CVE-2023-40261?
How do I fix CVE-2023-40261?
Are you affected by CVE-2023-40261?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST