CVE-2023-48427

Name of the Vulnerable Software and Affected Versions SINEC INS versions prior to V1.0 SP2 Update 2

Description The issue is related to errors in the certificate authentication procedure of the SINEC INS web interface, which could allow a remote attacker to intercept requests sent to the UMC server and potentially escalate privileges by manipulating responses. The affected products do not properly validate the certificate of the configured UMC server.

Recommendations For versions prior to V1.0 SP2 Update 2, update to V1.0 SP2 Update 2 or later to resolve the issue. As a temporary workaround, consider restricting access to the UMC server to minimize the risk of exploitation. Avoid using the vulnerable web interface until the issue is resolved.