CVE-2024-46917
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-29

Last updated on: 2025-09-09

Assigner: MITRE

Description
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g., through ~/.profile changes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-29
Last Modified
2025-09-09
Generated
2026-06-16
AI Q&A
2025-08-29
EPSS Evaluated
2026-06-15
NVD
CVE-2024-46917
EUVD
EUVD-2024-54933
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dieboldnixdorf vynamic_security_suite to 4.3.0sr01 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-353 The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The impact of this vulnerability includes potential unauthorized code execution on affected systems, exposure and recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and complete control over the Windows OS. This could lead to data breaches, system compromise, and loss of control over critical systems protected by the Vynamic Security Suite.

Executive Summary

This vulnerability in Diebold Nixdorf Vynamic Security Suite through version 4.3.0 SR01 occurs because the software does not validate file attributes or the contents of the /root directory during integrity checks. This flaw allows an attacker to execute arbitrary code, recover TPM Disk Encryption keys, decrypt the Windows system partition, and gain full control over the Windows operating system, for example by modifying the ~/.profile file.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-46917. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart