CVE-2024-46916

Published: Aug 29, 2025Modified: Sep 9, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition.

Affected (1)

Products: Dieboldnixdorf: Vynamic Security Suite

1 product

Vynamic Security Suite

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dieboldnixdorf Vynamic Security Suite	Up to 4.3.0sr06

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

https://github.com/emptynebuli

Source: cve@mitre.org

Not Applicable

https://www.atredis.com/blog/2025/8/26/24nrgne4dqbwjxyip7txn8ep6zj057

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.dieboldnixdorf.com/en-us/banking/portfolio/software/security/

Source: cve@mitre.org

Product

Timeline

No history available yet.