CVE-2023-50443

Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission) or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which disks are opened.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
primxcryhod
𝑥
< 2020.4
primxcryhod
2021.0 ≤
𝑥
< 2021.3
primxcryhod
2023.0 ≤
𝑥
< 2023.5
𝑥
= Vulnerable software versions
References
https://www.primx.eu/en/bulletins/security-bulletin-23B3093B/
https://www.primx.eu/fr/blog/
https://www.primx.eu/en/bulletins/security-bulletin-23B3093B/
https://www.primx.eu/fr/blog/