Unnecessary permissions on private keys of certificates installed by Network...

3.3 / 10

LOW

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Amber

Description

When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group.
* Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed
* Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable

Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt.

Basic Information

ID CVE-2026-4761

Source CODRA

Published Mar 25, 2026 at 12:45

Modified Mar 26, 2026 at 08:58

Affected Product

Vendor CODRA

Product Panorama Suite

Version Panorama Suite 2025

Affected Versions CODRA Panorama Suite Panorama Suite 2025

CWE Classification

CWE-732

References

my.codra.net /api/csirt/download

{
    "lastseen": "",
    "description": "When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group.\n  *  Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed\n  *  Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable\n\n\nPlease refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt.",
    "published": "2026-03-25T12:45:27.361Z",
    "modified": "2026-03-26T08:58:02.831Z",
    "type": "cve",
    "title": "Unnecessary permissions on private keys of certificates installed by Network and Security Wizard",
    "source": "CODRA",
    "references": "https://my.codra.net/api/csirt/download?resourceId=1469&fileType=FichierPDF",
    "id": "CVE-2026-4761",
    "bulletinFamily": "",
    "cwe": [
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "CODRA Panorama Suite Panorama Suite 2025",
    "sourceHref": "",
    "cvss": {
        "score": 3.3,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Panorama Suite",
    "version": "Panorama Suite 2025",
    "vendor": "CODRA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Unnecessary permissions on private keys of certificates installed by Network and Security Wizard_CVE-2026-4761