6.6
CVE-2023-28865
- EPSS 0.32%
- Veröffentlicht 08.08.2024 18:15:09
- Zuletzt bearbeitet 19.08.2024 19:04:14
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginDiebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dieboldnixdorf ≫ Vynamic Security Suite Version < 3.3.0sr15
Dieboldnixdorf ≫ Vynamic Security Suite Version >= 4.0.0 < 4.0.0sr05
Dieboldnixdorf ≫ Vynamic Security Suite Version >= 4.1.0 < 4.1.0sr03
Dieboldnixdorf ≫ Vynamic Security Suite Version >= 4.2.0 < 4.2.0sr02
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.543 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.6 | 0.7 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.6 | 0.7 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
CWE-353 Missing Support for Integrity Check
The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.