CVE-2023-50444 - OpenCVE

By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Primx	Zedmail Zonecentral Zed\!

Configuration 1 [-]

OR	cpe:2.3:a:primx:zed\!:::::enterprise:windows::
	cpe:2.3:a:primx:zed\!:::::enterprise:windows::
	cpe:2.3:a:primx:zed\!:::::enterprise:windows::
	cpe:2.3:a:primx:zedmail::::::windows::*
	cpe:2.3:a:primx:zonecentral::::::windows::*
	cpe:2.3:a:primx:zonecentral::::::windows::*

References

Link	Resource
https://www.primx.eu/en/bulletins/security-bulletin-23B30874/	Vendor Advisory
https://www.primx.eu/fr/blog/	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-13T00:00:00

Updated: 2023-12-13T20:08:45.780353

Reserved: 2023-12-10T00:00:00

Link: CVE-2023-50444

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-13T20:15:49.840

Modified: 2023-12-20T18:31:52.980

Link: CVE-2023-50444

JSON object: View

Redhat Information

No data.

CWE

CWE-307

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*", "matchCriteriaId": "7C67598A-6CE7-4802-BB1F-65D40CF38DAC", "versionEndExcluding": "q.2020.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*", "matchCriteriaId": "1B21D96F-47D7-4DE6-80AD-68986FF75C77", "versionEndExcluding": "2023.5", "versionStartIncluding": "2023.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*", "matchCriteriaId": "747C7A04-7E6E-4A2C-BCFC-01EC16ABE951", "versionEndExcluding": "q.2021.2", "versionStartIncluding": "q.2021.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*", "matchCriteriaId": "01B1BDF0-697E-4EA2-8E26-5B786E03FCF1", "versionEndExcluding": "2023.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*", "matchCriteriaId": "60E1C4D1-FD43-44D1-90E3-0A3936D947A2", "versionEndExcluding": "q.2021.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*", "matchCriteriaId": "5FA52575-445D-48F8-B1D9-F3981DDBD5D3", "versionEndExcluding": "2023.5", "versionStartIncluding": "2023.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force."}, {"lang": "es", "value": "De forma predeterminada, los contenedores ZED producidos por PRIMX ZED! para Windows anteriores a Q.2020.3 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZED! para Windows anteriores a Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de 2023.5; ZEDMAIL para Windows antes de 2023.5; y ZED! para Windows, Mac y Linux anteriores a 2023.5 incluyen una versi\u00f3n cifrada de informaci\u00f3n confidencial del usuario, lo que podr\u00eda permitir que un atacante no autenticado la obtenga mediante fuerza bruta."}], "id": "CVE-2023-50444", "lastModified": "2023-12-20T18:31:52.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-13T20:15:49.840", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.primx.eu/fr/blog/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "nvd@nist.gov", "type": "Primary"}]}