Diebold Nixdorf Vynamic Security Suite Code Execution Vulnerability

Vulnerability

A vulnerability in Diebold Nixdorf Vynamic Security Suite (VSS) versions through 4.3.0 SR01 allows for code execution and unauthorized access to sensitive data. The issue arises because the software does not properly validate file attributes or the contents of the root directory during integrity checks. This oversight can be exploited to execute arbitrary code, retrieve TPM Disk Encryption keys, decrypt the Windows system partition, and gain full control over the Windows operating system by modifying startup files.

Impact

Exploitation of this vulnerability leads to unauthorized code execution, allowing attackers to manipulate the Windows operating system and access sensitive data encrypted by the TPM.

Reproduction

The vulnerability can be reproduced by exploiting the improper validation of file attributes and contents in the Linux partition used for integrity checks. This can be done by deleting or modifying files that are not properly indexed or validated, such as those related to the system's boot process or temporary file systems. Once the integrity checks are bypassed, arbitrary code can be executed during the system's initialization process, leveraging the access to the root directory to modify profile scripts that are executed at startup.
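The gap described above, as an added defensive example (not Diebold Nixdorf's code and not part of this advisory): a manifest check that records each entry's type, mode and content and also reports entries missing from the index. The manifest layout, the function names and the sample tree are assumptions constructed for illustration.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

def describe(path):
    """Return (type, mode, content) for one entry without following symlinks."""
    st = os.lstat(path)
    mode = stat.S_IMODE(st.st_mode)
    if stat.S_ISLNK(st.st_mode):
        return ("link", mode, os.readlink(path))
    if stat.S_ISREG(st.st_mode):
        return ("file", mode, hashlib.sha256(Path(path).read_bytes()).hexdigest())
    return ("dir" if stat.S_ISDIR(st.st_mode) else "other", mode, "")

def snapshot(root):
    """Index every entry under root, directories and symlinks included."""
    entries = {}
    for base, dirs, files in os.walk(root):  # does not descend into dir symlinks
        for name in dirs + files:
            full = os.path.join(base, name)
            entries[os.path.relpath(full, root)] = describe(full)
    return entries

def verify(root, manifest):
    """Compare the live tree with the manifest; one finding per differing path."""
    live, findings = snapshot(root), []
    for rel in sorted(set(manifest) | set(live)):
        if rel not in live:
            findings.append(("missing", rel))
        elif rel not in manifest:
            findings.append(("unlisted", rel))  # present on disk, absent from index
        else:
            diff = [f for f, w, g in zip(("type", "mode", "content"), manifest[rel], live[rel]) if w != g]
            if diff:
                findings.append((diff[0], rel))
    return findings

def demo():
    """Constructed sample tree: take a baseline, change three things, verify."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "etc").mkdir()
        for rel in ("etc/a.conf", "etc/b.conf"):
            Path(root, rel).write_text("setting=1\n")
            Path(root, rel).chmod(0o644)
        manifest = snapshot(root)
        Path(root, "etc/a.conf").chmod(0o755)                   # attribute change only
        os.remove(os.path.join(root, "etc/b.conf"))             # regular file replaced...
        os.symlink("a.conf", os.path.join(root, "etc/b.conf"))  # ...by a symlink
        Path(root, "extra").touch()                             # new entry in the root
        return verify(root, manifest)
```

A check that hashes only the content of listed files would pass all three changes in `demo()`, since `etc/a.conf` keeps its bytes and the swapped-in link resolves to identical content.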

Added: Aug 29, 2025, 4:30 PM
Updated: Aug 29, 2025, 6:31 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 7.5
exploitability: 4.8
remediation: 7.7
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.