2021.2

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

primx

NVD

Published: 2023-12-13

Updated: 2023-12-20

Summary

Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (ANSSI qualification submission) or CRYHOD for Windows before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger outbound network traffic from computers on which disks are opened.

Vulnerable Configurations

Part	Description	Count
Application	Primx Primx Cryhod 2020.2 Primx Cryhod 2020.3 Primx Cryhod 2021.2 Primx Cryhod *	4
OS	Microsoft Microsoft Windows -	1

References

https://www.primx.eu/fr/blog/
https://www.primx.eu/en/bulletins/security-bulletin-23B3093B/