CVE-2023-43870
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-43870 is a cybersecurity vulnerability in the Net2 software installation process. During installation, a root certificate is added to the trusted store, making it accessible with a password. If an attacker gains access to the installer batch file or reverse-engineers the source code, they can obtain the root certificate password. With this information, they can create fraudulent certificates to impersonate other sites. By setting up a proxy service to mimic the target site, attackers can intercept and monitor traffic between users and the actual site, potentially accessing sensitive data.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Paxton Access Ltd