Описание
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.0sr12 (исключая)Версия от 4.0.0 (включая) до 4.0.0sr04 (исключая)Версия от 4.1.0 (включая) до 4.1.0sr02 (исключая)Версия от 4.2.0 (включая) до 4.2.0sr01 (исключая)
Одно из
cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:dieboldnixdorf:vynamic_security_suite:*:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00383
Низкий
6.8 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-20
Связанные уязвимости
CVSS3: 6.8
github
больше 1 года назад
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
EPSS
Процентиль: 60%
0.00383
Низкий
6.8 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-20