Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-46917

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-29 Aug, 2025 | 00:00
Updated At-29 Aug, 2025 | 17:32
Rejected At-
Credits

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g., through ~/.profile changes.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:29 Aug, 2025 | 00:00
Updated At:29 Aug, 2025 | 17:32
Rejected At:
▼CVE Numbering Authority (CNA)

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g., through ~/.profile changes.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/
N/A
https://github.com/emptynebuli
N/A
https://www.atredis.com/blog/2025/8/26/24nrgne4dqbwjxyip7txn8ep6zj057
N/A
Hyperlink: https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/
Resource: N/A
Hyperlink: https://github.com/emptynebuli
Resource: N/A
Hyperlink: https://www.atredis.com/blog/2025/8/26/24nrgne4dqbwjxyip7txn8ep6zj057
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-353CWE-353 Missing Support for Integrity Check
Type: CWE
CWE ID: CWE-353
Description: CWE-353 Missing Support for Integrity Check
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:29 Aug, 2025 | 16:15
Updated At:29 Aug, 2025 | 18:15

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g., through ~/.profile changes.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-353Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-353
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/emptynebulicve@mitre.org
N/A
https://www.atredis.com/blog/2025/8/26/24nrgne4dqbwjxyip7txn8ep6zj057cve@mitre.org
N/A
https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/cve@mitre.org
N/A
Hyperlink: https://github.com/emptynebuli
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.atredis.com/blog/2025/8/26/24nrgne4dqbwjxyip7txn8ep6zj057
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2020-10266
Matching Score-4
Assigner-Alias Robotics S.L.
ShareView Details
Matching Score-4
Assigner-Alias Robotics S.L.
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.87%
||
7 Day CHG~0.00%
Published-06 Apr, 2020 | 12:08
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RVD#1487: No integrity checks on UR+ platform artifacts when installed in the robot

UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand.

Action-Not Available
Vendor-universal-robotsUniversal Robots
Product-ur3ur10ur5ur\+URx
CWE ID-CWE-353
Missing Support for Integrity Check
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2019-11480
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-8.4||HIGH
EPSS-0.43% / 61.45%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 02:10
Updated-16 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ubuntu kernel snap build process could use unauthenticated sources

The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16

Action-Not Available
Vendor-Canonical Ltd.
Product-c-kernelpc-kernel
CWE ID-CWE-353
Missing Support for Integrity Check
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
Details not found