Lucene search

[email protected]NVD:CVE-2023-43870

HistoryDec 19, 2023 - 3:15 p.m.

CVE-2023-43870

2023-12-1915:15:08

CWE-798

[email protected]

web.nvd.nist.gov

net2 software

root certificate

installer batch file

source code

hacker

password

certificates

site emulation

proxy service

traffic monitoring

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.2%

JSON

When installing the Net2 software a root certificate is installed into the trusted store. A potential hacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password they could then create their own certificates to emulate another site. Then by establishing a proxy service to emulate the site they could monitor traffic passed between the end user and the site allowing access to the data content.

Affected configurations

Nvd

Node

paxton-accessnet2Range6.02–6.07

paxton-accessnet2Match6.07-

VendorProductVersionCPE
paxton-accessnet2*cpe:2.3:a:paxton-access:net2:*:*:*:*:*:*:*:*
paxton-accessnet26.07cpe:2.3:a:paxton-access:net2:6.07:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
paxton-access	net2	*	cpe:2.3:a:paxton-access:net2::::::::
paxton-access	net2	6.07	cpe:2.3:a:paxton-access:net2:6.07:-::::::

References

www.paxton-access.com/systems/net2/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.2%

JSON

Related for NVD:CVE-2023-43870

cvelist1 prion1 cve1