CVE-2023-50440
MEDIUM
PRIMX ZED! ZEDMAIL ZONECENTRAL ZEDFREE ZEDPRO < 2023.5 - Unauthenticated Access Control Bypass via UNC Injection
Title source: llm
Description
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.
References (2)
Core References
Vendor Advisory
https://www.primx.eu/en/bulletins/security-bulletin-23B30931/
Product
https://www.primx.eu/fr/blog/
Scores
CVSS v3
5.5
EPSS
0.0023
EPSS Percentile
13.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (4)
primx/zed\!
< 2023.5 (8 CPE variants)
primx/zed\!
< q.2020.3
primx/zedmail
< 2023.5
primx/zonecentral
< q.2021.2
Published
Dec 13, 2023
Tracked Since
Feb 18, 2026