CVE-2023-50442

Vulnerability

In PRIMX ZONECENTRAL through version 2023.5, the metadata of encrypted zones is not fully protected. This allows a local attacker with appropriate privileges to alter that metadata so that specific file types are excluded from encryption temporarily. All versions of ZONECENTRAL are affected [1][2].

Exploitation

An attacker with local access and high privileges (e.g., administrative rights on the machine) can modify the metadata of an encrypted folder without requiring any user interaction. The modification itself is a deliberate tampering of the zone's configuration, which can be detected through periodic scans as described in the ZONECENTRAL Administrator Guide [2].

Impact

Successful exploitation allows the attacker to bypass encryption for newly created files of specific types within the targeted folder. This violates the confidentiality guarantee of the encryption solution, as those files are written to disk in plaintext. The integrity of the metadata itself is also compromised [2].

Mitigation

PRIMX recommends that administrators periodically scan encrypted zones outside of the user computer to detect unauthorized modifications, as documented in the ZONECENTRAL Administrator Guide [2]. At the time of publication, no software patch has been released to address the underlying metadata protection weakness. Affected users should contact support at primx.eu for further assistance [1][2].