Security Bulletin 23B30933
The metadata of an encrypted zone can be compromised
Medium
Security Bulletin 23B30933
CVE-2023-50442
12/13/2023
SUMMARY
The metadata of an encrypted zone is not fully protected, which allows a local attacker having appropriate privileges to alter it in order to exclude new files from encryption temporarily (this modification can however be detected as described in the Administrator guide).
CVSS SCORE: BASE 4.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): High (H)
- Privileges required (PR): High (H)
- User interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): None (N)
DETAILS
- CVEID: 2023-50442 (created on 12/10/2023)
AFFECTED PRODUCTS AND VERSIONS
All versions of ZONECENTRAL.
SOLUTIONS AND RECOMMENDATIONS
As described in the ZONECENTRAL Administrator Guide, encrypted zones outside of the user computer have to be periodically scanned to detect unauthorized modifications.
For more information, contact support[@]primx[.]eu.
ACKNOWLEDGEMENTS
ANSSI
