Medium severity6.6NVD Advisory· Published Aug 8, 2024· Updated Jun 17, 2026
CVE-2023-28865
CVE-2023-28865
Description
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's hard disk.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <=3.3.0 SR14, <=4.0.0 SR04, <=4.1.0 SR02, <=4.2.0 SR01
Patches
Vulnerability mechanics
References
2- media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdfnvdExploitThird Party Advisory
- www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/nvdVendor Advisory
News mentions
0No linked articles in our index yet.