Security Bulletin 23B3093A
A compromised encrypted zone can trigger a network access
CVE-2023-50441 (ZONECENTRAL)
12/13/2023
SUMMARY
Opening a compromised encrypted zone can trigger network access, potentially with an authentication request. An attacker can use this to obtain user privileges and potentially user credentials.
CVSS SCORE: BASE 4.8
- Attack Vector (AV): Adjacent (A)
- Attack Complexity (AC): High (H)
- Privileges required (PR): Low (L)
- User interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
DETAILS
- CVEID: 2023-50441 (created on 12/10/2023)
AFFECTED PRODUCTS AND VERSIONS
- ZONECENTRAL for Windows versions prior to 2023.5, including versions Q.2021.1
SOLUTIONS AND RECOMMENDATIONS
Depending on your solution, upgrade to one of the following versions:
- ZONECENTRAL for Windows version Q.2021.2 (version validated by ANSSI)
- ZONECENTRAL for Windows version 2023.5
For more information, contact support[@]primx[.]eu.
ACKNOWLEDGEMENTS
ANSSI