CVE-2024-46917
BaseFortify
Publication date: 2025-08-29
Last updated on: 2025-09-09
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dieboldnixdorf | vynamic_security_suite | up to and including 4.3.0sr01 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-353 | The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum. |
AI Powered Q&A
How can this vulnerability impact me?
The impact of this vulnerability includes potential unauthorized code execution on affected systems, exposure and recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and complete control over the Windows OS. This could lead to data breaches, system compromise, and loss of control over critical systems protected by the Vynamic Security Suite.
Can you explain this vulnerability to me?
This vulnerability in Diebold Nixdorf Vynamic Security Suite through version 4.3.0 SR01 occurs because the software does not validate file attributes or the contents of the /root directory during integrity checks. This flaw allows an attacker to execute arbitrary code, recover TPM Disk Encryption keys, decrypt the Windows system partition, and gain full control over the Windows operating system, for example by modifying the ~/.profile file.