CVE-2023-50440

ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.primx.eu/en/bulletins/security-bulletin-23B30931/	Vendor Advisory
https://www.primx.eu/fr/blog/	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:primx:zed\!:::::enterprise:linux::
	cpe:2.3:a:primx:zed\!:::::enterprise:macos::
	cpe:2.3:a:primx:zed\!:::::free:linux::
	cpe:2.3:a:primx:zed\!:::::free:macos::
	cpe:2.3:a:primx:zed\!:::::free:windows::
	cpe:2.3:a:primx:zed\!:::::pro:linux::
	cpe:2.3:a:primx:zed\!:::::pro:macos::
	cpe:2.3:a:primx:zed\!:::::pro:windows::
	cpe:2.3:a:primx:zed\!:::::enterprise:windows::
	cpe:2.3:a:primx:zed\!:::::enterprise:windows::
	cpe:2.3:a:primx:zed\!:::::enterprise:windows::
	cpe:2.3:a:primx:zedmail::::::windows::*
	cpe:2.3:a:primx:zonecentral::::::windows::*
	cpe:2.3:a:primx:zonecentral::::::windows::*

History

20 Dec 2023, 18:29

Type	Values Removed	Values Added
First Time		Primx Primx zonecentral Primx zed\! Primx zedmail
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:primx:zed\!:::::pro:windows:: cpe:2.3:a:primx:zed\!:::::free:linux:: cpe:2.3:a:primx:zed\!:::::pro:linux:: cpe:2.3:a:primx:zonecentral::::::windows::* cpe:2.3:a:primx:zed\!:::::pro:macos:: cpe:2.3:a:primx:zedmail::::::windows::* cpe:2.3:a:primx:zed\!:::::enterprise:linux:: cpe:2.3:a:primx:zed\!:::::enterprise:windows:: cpe:2.3:a:primx:zed\!:::::enterprise:macos:: cpe:2.3:a:primx:zed\!:::::free:windows:: cpe:2.3:a:primx:zed\!:::::free:macos::
References	~~() https://www.primx.eu/en/bulletins/security-bulletin-23B30931/ -~~	() https://www.primx.eu/en/bulletins/security-bulletin-23B30931/ - Vendor Advisory
References	~~() https://www.primx.eu/fr/blog/ -~~	() https://www.primx.eu/fr/blog/ - Product
Summary		(es) Contenedores ZED producidos por PRIMX ZED! para Windows anteriores a Q.2020.3 (presentación de calificación ANSSI); ZED! para Windows anteriores a Q.2021.2 (presentación de calificación ANSSI); ZONECENTRAL para Windows antes de Q.2021.2 (presentación de calificación ANSSI); ZONECENTRAL para Windows antes de 2023.5; ZEDMAIL para Windows antes de 2023.5; ZED! para Windows, Mac, Linux antes de 2023.5; ZEDFREE para Windows, Mac, Linux antes de 2023.5; o ZEDPRO para Windows, Mac, Linux anterior a 2023.5 puede ser modificado por un atacante no autenticado para incluir una referencia UNC de modo que pueda activar el acceso a la red a una maquina controlada por el atacante cuando la víctima la abra.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

13 Dec 2023, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-13 21:15

Updated : 2023-12-20 18:29

NVD link : CVE-2023-50440

Mitre link : CVE-2023-50440

CVE.ORG link : CVE-2023-50440

JSON object : View

Products Affected

primx

zed\!
zedmail
zonecentral

CWE

NVD-CWE-noinfo

5.5 /10