CVE-2023-43870

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 19, 2023
Updated: Dec 28, 2023
CWE ID 798

Summary

CVE-2023-43870 is a cybersecurity vulnerability in the Net2 software installation process. During installation, a root certificate is added to the trusted store, making it accessible with a password. If an attacker gains access to the installer batch file or reverse-engineers the source code, they can obtain the root certificate password. With this information, they can create fraudulent certificates to impersonate other sites. By setting up a proxy service to mimic the target site, attackers can intercept and monitor traffic between users and the actual site, potentially accessing sensitive data.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share