Security Bulletin 23B3093B
A compromised encrypted disk can trigger a network access
Medium
Security Bulletin 23B3093B
CVE-2023-50443 (CRYHOD)
12/13/2023
SUMMARY
Opening a compromised encrypted disk can trigger a network access, with potential authentication request. It can be used by an attacker to obtain user privileges and potentially user credentials.
CVSS SCORE: BASE 4.0
- Attack Vector (AV): Physical (P)
- Attack Complexity (AC): High (H)
- Privileges required (PR): Low (L)
- User interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
DETAILS
- CVEID: 2023-50443 (created on 12/10/2023)
AFFECTED PRODUCTS AND VERSIONS
- CRYHOD for Windows version prior to 2023.5, including versions Q.2020.2, Q.2020.3 and Q.2021.2.
SOLUTIONS AND RECOMMENDATIONS
Depending on your solution, upgrade to one of the following versions:
- CRYHOD for Windows version Q.2020.4 (version validated by ANSSI)
- CRYHOD for Windows version Q.2021.3 (version validated by ANSSI)
- CRYHOD for Windows version 2023.5
For more information, contact support[@]primx[.]eu.
ACKNOWLEDGEMENTS
ANSSI
