CVE-2023-50440

ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.primx.eu/en/bulletins/security-bulletin-23B30931/	Vendor Advisory
https://www.primx.eu/fr/blog/	Product
https://www.primx.eu/en/bulletins/security-bulletin-23B30931/	Vendor Advisory
https://www.primx.eu/fr/blog/	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:primx:zed\!:::::enterprise:linux::
	cpe:2.3:a:primx:zed\!:::::enterprise:macos::
	cpe:2.3:a:primx:zed\!:::::free:linux::
	cpe:2.3:a:primx:zed\!:::::free:macos::
	cpe:2.3:a:primx:zed\!:::::free:windows::
	cpe:2.3:a:primx:zed\!:::::pro:linux::
	cpe:2.3:a:primx:zed\!:::::pro:macos::
	cpe:2.3:a:primx:zed\!:::::pro:windows::
	cpe:2.3:a:primx:zed\!:::::enterprise:windows::
	cpe:2.3:a:primx:zed\!:::::enterprise:windows::
	cpe:2.3:a:primx:zed\!:::::enterprise:windows::
	cpe:2.3:a:primx:zedmail::::::windows::*
	cpe:2.3:a:primx:zonecentral::::::windows::*
	cpe:2.3:a:primx:zonecentral::::::windows::*

History

No history.

Information

Published : 2023-12-13 21:15

Updated : 2024-11-21 08:36

NVD link : CVE-2023-50440

Mitre link : CVE-2023-50440

CVE.ORG link : CVE-2023-50440

JSON object : View

Products Affected

primx

zed\!
zonecentral
zedmail

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-50440", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-12-13T21:15:09.610", "references": [{"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30931/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.primx.eu/fr/blog/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30931/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.primx.eu/fr/blog/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim."}, {"lang": "es", "value": "Contenedores ZED producidos por PRIMX ZED! para Windows anteriores a Q.2020.3 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZED! para Windows anteriores a Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de 2023.5; ZEDMAIL para Windows antes de 2023.5; ZED! para Windows, Mac, Linux antes de 2023.5; ZEDFREE para Windows, Mac, Linux antes de 2023.5; o ZEDPRO para Windows, Mac, Linux anterior a 2023.5 puede ser modificado por un atacante no autenticado para incluir una referencia UNC de modo que pueda activar el acceso a la red a una maquina controlada por el atacante cuando la v\u00edctima la abra."}], "lastModified": "2024-11-21T08:36:59.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:linux:*:*", "vulnerable": true, "matchCriteriaId": "CC444405-D58E-42B4-A1EF-1EF4F0CC6300", "versionEndExcluding": "2023.5"}, {"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:macos:*:*", "vulnerable": true, "matchCriteriaId": "34D7936A-123E-4582-9F90-2724A814CB0A", "versionEndExcluding": "2023.5"}, {"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:free:linux:*:*", "vulnerable": true, "matchCriteriaId": "B67C1CB4-F980-4856-82B2-95BECC07F380", "versionEndExcluding": "2023.5"}, {"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:free:macos:*:*", "vulnerable": true, "matchCriteriaId": "A895BAFB-8677-4ABB-9188-C84CAA9DC74B", "versionEndExcluding": "2023.5"}, {"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:free:windows:*:*", "vulnerable": true, "matchCriteriaId": "006184BD-4D3B-4DB1-AE7C-E3B10E683BFB", "versionEndExcluding": "2023.5"}, {"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:pro:linux:*:*", "vulnerable": true, "matchCriteriaId": "74F37A78-4F7C-4334-B9C1-8D8BA1570527", "versionEndExcluding": "2023.5"}, {"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:pro:macos:*:*", "vulnerable": true, "matchCriteriaId": "D1C7B28D-6E45-4B99-B764-2D622DDBE53A", "versionEndExcluding": "2023.5"}, {"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:pro:windows:*:*", "vulnerable": true, "matchCriteriaId": "ACFFF19C-080B-485E-8E83-927125E5676E", "versionEndExcluding": "2023.5"}, {"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*", "vulnerable": true, "matchCriteriaId": "7C67598A-6CE7-4802-BB1F-65D40CF38DAC", "versionEndExcluding": "q.2020.3"}, {"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*", "vulnerable": true, "matchCriteriaId": "1B21D96F-47D7-4DE6-80AD-68986FF75C77", "versionEndExcluding": "2023.5", "versionStartIncluding": "2023.0"}, {"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*", "vulnerable": true, "matchCriteriaId": "747C7A04-7E6E-4A2C-BCFC-01EC16ABE951", "versionEndExcluding": "q.2021.2", "versionStartIncluding": "q.2021.0"}, {"criteria": "cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "01B1BDF0-697E-4EA2-8E26-5B786E03FCF1", "versionEndExcluding": "2023.5"}, {"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "60E1C4D1-FD43-44D1-90E3-0A3936D947A2", "versionEndExcluding": "q.2021.2"}, {"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "5FA52575-445D-48F8-B1D9-F3981DDBD5D3", "versionEndExcluding": "2023.5", "versionStartIncluding": "2023.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}