CVE-2023-36344

7.8 HIGH

📋 TL;DR

This vulnerability allows a local attacker to execute arbitrary code on Diebold Nixdorf Vynamic View Console systems via DLL hijacking. Attackers can place malicious DLLs in directories searched by the application, bypassing signature verification. Affected users are those running vulnerable versions of this banking software.

💻 Affected Systems

Products:
  • Diebold Nixdorf Vynamic View Console
Versions: 5.3.1 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to the system where the software is installed. Banking environments using this console are primarily affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining administrative privileges, potentially leading to theft of banking data, manipulation of financial transactions, or deployment of ransomware.

🟠 Likely Case

Local privilege escalation allowing attackers to execute code with higher privileges than their current account, potentially compromising the banking console functionality.

🟢 If Mitigated

Limited impact with proper access controls and monitoring, potentially only allowing code execution within user context without privilege escalation.

🌐 Internet-Facing: LOW - This requires local access to the system, not directly exploitable over the internet.
🏢 Internal Only: HIGH - Local attackers (including malicious insiders or compromised accounts) can exploit this to gain elevated privileges on banking systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

DLL hijacking is a well-known technique with public proof-of-concept available. Requires local access but is relatively simple to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for latest version above 5.3.1

Vendor Advisory: https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/view/

Restart Required: Yes

Instructions:

1. Contact Diebold Nixdorf for latest patched version.
2. Backup current configuration.
3. Install updated version.
4. Restart system.
5. Verify functionality.

🔧 Temporary Workarounds

Restrict DLL search paths

windows

Use application control policies to restrict where DLLs can be loaded from

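Using Windows AppLocker or similar: define a Deny path rule for "C:\Users\*\*" in the DLL rule collection, applied to Everyone. The New-AppLockerPolicy cmdlet has no -Action or -Path parameter, so the rule is created in the Group Policy editor or in policy XML rather than with that cmdlet.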

Remove unnecessary local accounts

windows

Reduce attack surface by limiting local user accounts

net user [username] /delete

🧯 If You Can't Patch

  • Implement strict access controls to limit local user access to systems running the vulnerable software
  • Deploy application whitelisting to prevent execution of unauthorized DLLs and monitor for DLL hijacking attempts

🔍 How to Verify

Check if Vulnerable:

Check software version in Help > About or via registry: HKEY_LOCAL_MACHINE\SOFTWARE\Diebold Nixdorf\Vynamic View Console

Check Version:

reg query "HKLM\SOFTWARE\Diebold Nixdorf\Vynamic View Console" /v Version

Verify Fix Applied:

Verify version is above 5.3.1 and test DLL loading from unauthorized locations

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing DLL loading from unusual paths
  • Application errors related to missing or failed DLL loads

Network Indicators:

  • Unusual outbound connections from the View Console process

SIEM Query:

(EventID=7 OR EventID=11) AND ProcessName="*ViewConsole*" AND ImageLoaded="*.dll"
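
The "DLL loading from unusual paths" indicator can also be triaged offline over exported events. The following is an added example, not code from the vendor or the original page: it applies the query's process match to Sysmon Event ID 7 (image load) records and flags loads from outside the console's own folder and the Windows system directories, or with a missing or invalid signature. The install path, DLL names and trusted-directory list are constructed assumptions.

```python
import ntpath

# Assumption: directories a legitimate load may come from, besides the
# console's own folder. Adjust to the host's baseline.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

def is_console(image):
    # Same substring match as the page's query (ProcessName="*ViewConsole*").
    return "viewconsole" in ntpath.basename(image).lower()

def classify(event):
    """Return the reasons a Sysmon Event ID 7 record looks suspicious."""
    if event.get("EventID") != 7 or not is_console(event.get("Image", "")):
        return []
    loaded = event.get("ImageLoaded", "").lower()
    if not loaded.endswith(".dll"):
        return []
    load_dir = ntpath.dirname(loaded)
    app_dir = ntpath.dirname(event["Image"]).lower()
    in_trusted = load_dir == app_dir or any(
        load_dir == d or load_dir.startswith(d + "\\") for d in TRUSTED_DIRS)
    reasons = []
    if not in_trusted:
        reasons.append("loaded from outside app and system directories")
    if str(event.get("Signed", "")).lower() != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append("unsigned or invalid signature")
    return reasons

def suspicious(events):
    """Return (ImageLoaded, reasons) for every flagged event."""
    return [(e["ImageLoaded"], r) for e in events if (r := classify(e))]

# Constructed sample events; the install path and DLL names are placeholders.
APP = r"C:\Program Files\ExampleVendor\ViewConsole.exe"
def ev(image, loaded, signed):
    return {"EventID": 7, "Image": image, "ImageLoaded": loaded,
            "Signed": "true" if signed else "false",
            "SignatureStatus": "Valid" if signed else "Unavailable"}

SAMPLE_EVENTS = [
    ev(APP, r"C:\Windows\System32\example.dll", True),            # baseline load
    ev(APP, r"C:\Users\Public\example.dll", False),               # odd path, unsigned
    ev(APP, r"C:\Program Files\ExampleVendor\helper.dll", False), # app dir, unsigned
    ev(r"C:\Windows\explorer.exe", r"C:\Users\Public\x.dll", False),  # other process
]

if __name__ == "__main__":
    for path, reasons in suspicious(SAMPLE_EVENTS):
        print(path, "->", "; ".join(reasons))
```

The signature check matters because a DLL planted inside the application's own folder passes the path test.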
