Security Bulletin 23B30933 - PRIM'X - PRIM'X

FR
ES

Download ZEDFREE Blog PRIM'X

FR
ES

Download ZEDFREE Blog PRIM'X

Security Bulletin 23B30933
CVE-2023-50442
12/13/2023

SUMMARY

The metadata of an encrypted zone is not fully protected, which allows a local attacker having appropriate privileges to alter it in order to exclude new files from encryption temporarily (this modification can however be detected as described in the Administrator guide).

CVSS SCORE: BASE 4.1

Attack Vector (AV): Local (L)

Attack Complexity (AC): High (H)

Privileges required (PR): High (H)

User interaction (UI): None (N)

Scope (S): Unchanged (U)

Confidentiality (C): High (H)

Integrity (I): High (H)

Availability (A): None (N)

DETAILS

CVEID: 2023-50442 (created on 12/10/2023)

AFFECTED PRODUCTS AND VERSIONS

All versions of ZONECENTRAL.

SOLUTIONS AND RECOMMENDATIONS

As described in the ZONECENTRAL Administrator Guide, encrypted zones outside of the user computer have to be periodically scanned to detect unauthorized modifications.

For more information, contact support[@]primx[.]eu.

ACKNOWLEDGEMENTS

ANSSI

Our certifications

Common Criteria Certifications at level EAL3+
Security Visa & Qualification Standard Level from ANSSI
Protection of information classified: EU and NATO Restricted
CRYHOD and ZONECENTRAL : ENS Alta qualified products
(CCN)
Dutch Approval
(AIVD)

Our Certifications