PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM)Severity:Severity level: High Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 Access Vector: LocalCVSS v3.0 Base Score: 6,8 Vector: (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVE-2018-9099 Vulnerability description:With access to the dispenser controller USB port, an attacker can install an outdated or modified firmware version (with malicious content) to bypass the encryption and withdraw cash.Advisory status:07.2018 - Vendor notification dateCredits:The vulnerability was discovered by Vladimir Kononovich, Alexey Stennikov (independent researcher)