CVE-2023-43870
📋 TL;DR
CVE-2023-43870 allows attackers to extract the root certificate password from Net2 software installation files, enabling them to create fraudulent certificates and perform man-in-the-middle attacks. This affects all Net2 software installations where the vulnerable installer is used. Attackers could intercept and decrypt sensitive data transmitted between users and legitimate sites.
💻 Affected Systems
- Paxton Net2 software
📦 What is this software?
Net2 by Paxton Access
Net2 by Paxton Access
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of all encrypted communications between Net2 systems and users, allowing interception of authentication credentials, access control data, and sensitive building management information.
Likely Case
Targeted attacks against specific organizations using Net2 systems to intercept administrative credentials and gain unauthorized access to physical security systems.
If Mitigated
Limited impact with proper network segmentation, certificate monitoring, and access controls preventing installer file access.
🎯 Exploit Status
Exploitation requires access to installer files or source code, but the process is straightforward once obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Contact Paxton for updated installer
Vendor Advisory: https://www.paxton-access.com/systems/net2/
Restart Required: Yes
Instructions:
1. Contact Paxton support for updated Net2 installer. 2. Uninstall current Net2 software. 3. Install updated version. 4. Remove old root certificate from trusted store. 5. Restart system.
🔧 Temporary Workarounds
Remove vulnerable root certificate
windowsManually remove the vulnerable root certificate from the Windows certificate store
certmgr.msc
Navigate to Trusted Root Certification Authorities
Find and delete Paxton Net2 certificate
Restrict installer file access
windowsSet strict permissions on Net2 installation directories and files
icacls "C:\Program Files\Paxton\Net2" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F"
🧯 If You Can't Patch
- Implement network segmentation to isolate Net2 systems from untrusted networks
- Deploy certificate pinning or monitoring to detect fraudulent certificate usage
🔍 How to Verify
Check if Vulnerable:
Check if Paxton Net2 root certificate exists in Windows certificate store and examine installer files for hardcoded credentialsCheck Version:
Check Net2 software version in Control Panel > Programs and FeaturesVerify Fix Applied:
Verify updated installer does not include hardcoded passwords and new certificate is properly secured📡 Detection & Monitoring
Log Indicators:
- Unusual certificate installation events
- Multiple failed certificate validation attempts
- Access to installer batch files by unauthorized users
Network Indicators:
- SSL/TLS certificate mismatches for Net2 connections
- Unexpected proxy services intercepting Net2 traffic
SIEM Query:
EventID=41 OR EventID=1000 | where ProcessName contains "Net2" OR CommandLine contains "certificate"