CVE-2023-28865

6.6 MEDIUM

Authentication Bypass

📋 TL;DR

This vulnerability in Diebold Nixdorf Vynamic Security Suite allows physical attackers to bypass disk encryption by manipulating hard disk contents during the Pre-Boot Authorization process. Attackers can potentially access encrypted data without proper authentication. This affects ATM and banking systems using vulnerable VSS versions.

💻 Affected Systems

Products:

• Diebold Nixdorf Vynamic Security Suite (VSS)

Versions: Versions before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02

Operating Systems: Windows-based ATM operating systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects ATMs and banking systems using VSS for disk encryption and pre-boot authentication.

📦 What is this software?

Vynamic Security Suite by Dieboldnixdorf

View all CVEs affecting Vynamic Security Suite →

Vynamic Security Suite by Dieboldnixdorf

View all CVEs affecting Vynamic Security Suite →

Vynamic Security Suite by Dieboldnixdorf

View all CVEs affecting Vynamic Security Suite →

Vynamic Security Suite by Dieboldnixdorf

View all CVEs affecting Vynamic Security Suite →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete bypass of disk encryption allowing unauthorized access to sensitive financial data, transaction logs, and system credentials stored on ATMs.

🟠

Likely Case

Physical attackers with brief access to ATMs could extract cash or manipulate transaction data by bypassing security controls.

🟢

If Mitigated

With proper physical security controls and monitoring, impact is limited to systems where attackers gain physical access to internal components.

🌐 Internet-Facing: LOW - This requires physical access to the system's hard disk.

🏢 Internal Only: HIGH - Physical access to ATMs or banking systems is the primary attack vector.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires physical access to open ATM casing and manipulate hard disk contents. DEF CON 32 presentation demonstrates practical exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, or 4.2.0 SR02

Vendor Advisory: https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/

Restart Required: Yes

Instructions:

1. Contact Diebold Nixdorf for appropriate patch version. 2. Apply patch to all affected VSS installations. 3. Restart systems to apply changes. 4. Verify patch installation.

🔧 Temporary Workarounds

Enhanced Physical Security

all

Implement tamper-evident seals and physical security monitoring to detect unauthorized access to ATM internals.

Disk Integrity Monitoring

windows

Implement regular integrity checks of critical system directories and boot files.

🧯 If You Can't Patch

• Implement strict physical access controls and surveillance for ATM locations
• Regularly inspect ATMs for tampering and unauthorized modifications

🔍 How to Verify

Check if Vulnerable:

Copy

Check VSS version in system configuration or contact Diebold Nixdorf support.

Check Version:

Copy

Check VSS administration console or configuration files for version information.

Verify Fix Applied:

Copy

Verify installed VSS version matches patched versions: 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, or 4.2.0 SR02.

📡 Detection & Monitoring

Log Indicators:

• Unauthorized physical access logs
• Boot process anomalies
• Disk integrity check failures

Network Indicators:

• Unusual ATM communication patterns
• Offline ATM status changes

SIEM Query:

Copy

ATM physical access events AND (boot anomalies OR disk integrity failures)

📊 Metadata

CVE ID: CVE-2023-28865

CVSS v3 Score: 6.6 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-345

Published: August 8, 2024

Last Updated: August 19, 2024

🔗 References

• https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where%E2%80%99s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf Exploit,Third Party Advisory
• https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/ Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-28865, you might also want to check these:

CVE-2022-30315 9.8

Honeywell Experion PKS Safety Manager controllers lack cryptographic authentication for control logi...

Same vulnerability type (CWE-345)

CVE-2025-66255 9.8

This vulnerability allows unauthenticated attackers to upload malicious firmware files to Mozart FM ...

Same vulnerability type (CWE-345)

CVE-2022-26871 9.8

CVE-2022-26871 is a critical arbitrary file upload vulnerability in Trend Micro Apex Central that al...

Same vulnerability type (CWE-345)