CVE-2023-50440

ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.primx.eu/en/bulletins/security-bulletin-23B30931/	Vendor Advisory
https://www.primx.eu/fr/blog/	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:primx:zed\!:::::enterprise:linux::
	cpe:2.3:a:primx:zed\!:::::enterprise:macos::
	cpe:2.3:a:primx:zed\!:::::free:linux::
	cpe:2.3:a:primx:zed\!:::::free:macos::
	cpe:2.3:a:primx:zed\!:::::free:windows::
	cpe:2.3:a:primx:zed\!:::::pro:linux::
	cpe:2.3:a:primx:zed\!:::::pro:macos::
	cpe:2.3:a:primx:zed\!:::::pro:windows::
	cpe:2.3:a:primx:zed\!:::::enterprise:windows::
	cpe:2.3:a:primx:zed\!:::::enterprise:windows::
	cpe:2.3:a:primx:zed\!:::::enterprise:windows::
	cpe:2.3:a:primx:zedmail::::::windows::*
	cpe:2.3:a:primx:zonecentral::::::windows::*
	cpe:2.3:a:primx:zonecentral::::::windows::*

History

20 Dec 2023, 18:29

Type	Values Removed	Values Added
References	~~() https://www.primx.eu/en/bulletins/security-bulletin-23B30931/ -~~	() https://www.primx.eu/en/bulletins/security-bulletin-23B30931/ - Vendor Advisory
References	~~() https://www.primx.eu/fr/blog/ -~~	() https://www.primx.eu/fr/blog/ - Product
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:a:primx:zonecentral::::::windows::* cpe:2.3:a:primx:zed\!:::::free:macos:: cpe:2.3:a:primx:zed\!:::::pro:macos:: cpe:2.3:a:primx:zed\!:::::pro:windows:: cpe:2.3:a:primx:zedmail::::::windows::* cpe:2.3:a:primx:zed\!:::::enterprise:macos:: cpe:2.3:a:primx:zed\!:::::free:windows:: cpe:2.3:a:primx:zed\!:::::pro:linux:: cpe:2.3:a:primx:zed\!:::::enterprise:linux:: cpe:2.3:a:primx:zed\!:::::enterprise:windows:: cpe:2.3:a:primx:zed\!:::::free:linux::

13 Dec 2023, 21:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-13 21:15

Updated : 2024-02-05 00:22

NVD link : CVE-2023-50440

Mitre link : CVE-2023-50440

CVE.ORG link : CVE-2023-50440

JSON object : View

Products Affected

primx

zonecentral
zedmail
zed\!

CWE

NVD-CWE-noinfo

5.5 /10