CVE-2023-50440: n/a in n/a
ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.
AI Analysis
Technical Summary
CVE-2023-50440 is a medium-severity vulnerability affecting multiple versions of PRIMX's ZED container products, including ZED!, ZONECENTRAL, ZEDMAIL, ZEDFREE, and ZEDPRO across Windows, Mac, and Linux platforms prior to version 2023.5. The vulnerability allows an unauthenticated attacker to modify ZED container files to embed a UNC (Universal Naming Convention) reference. When a victim opens the manipulated container, this UNC reference triggers network access to an attacker-controlled system. This behavior can lead to unintended outbound network connections initiated by the victim's machine without authentication, potentially exposing sensitive information such as Windows credentials or internal network details through SMB or other protocols used in UNC paths.
The vulnerability is classified under CWE-284 (Improper Access Control), indicating insufficient restrictions on modifying container contents. The CVSS 3.1 base score is 5.5 (medium), with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, meaning the attack requires local access to modify the container, no privileges, user interaction to open the container, and impacts confidentiality by potentially leaking sensitive information, but does not affect integrity or availability.
No known exploits are reported in the wild, and no patches are explicitly linked, suggesting that mitigation may rely on updating to fixed versions or applying vendor guidance once available. The vulnerability leverages social engineering or user interaction to trigger the network connection, which could be used for reconnaissance or credential harvesting by attackers controlling the referenced UNC resource.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to confidentiality. If attackers can convince users to open manipulated ZED containers, they may induce outbound network connections to attacker-controlled servers, potentially leaking Windows authentication hashes or other sensitive network information. This can facilitate lateral movement or further compromise within corporate networks. Organizations using PRIMX ZED products for secure containerization or email encryption may be particularly at risk. The cross-platform nature (Windows, Mac, Linux) broadens the attack surface. Given the requirement for local modification of containers and user interaction, the attack vector is somewhat limited but still significant in environments where users frequently exchange containerized files or emails. The vulnerability could be exploited in targeted spear-phishing campaigns or insider threat scenarios. European organizations with strict data protection regulations (e.g., GDPR) must consider the confidentiality impact seriously, as unauthorized data disclosure could lead to compliance violations and reputational damage.
Mitigation Recommendations
1. Upgrade all affected PRIMX ZED products to version 2023.5 or later as soon as patches become available from the vendor.
2. Implement strict controls on the creation and modification of ZED container files, ensuring only trusted users can alter container contents.
3. Educate users about the risks of opening containers from untrusted or unexpected sources, emphasizing caution with files that may trigger network connections.
4. Monitor outbound network traffic for unusual SMB or UNC connection attempts, especially to unknown external IP addresses, using network intrusion detection systems or firewall rules.
5. Employ endpoint detection and response (EDR) solutions to detect suspicious file modifications and network activities related to container files.
6. Consider disabling or restricting UNC path resolution in environments where it is not required, or apply group policy settings to limit automatic network connections triggered by file references.
7. Conduct regular audits of container usage and file integrity to detect unauthorized modifications.
8. Collaborate with PRIMX support or security teams to receive timely updates and guidance on this vulnerability.
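Recommendation 4 can be checked against firewall or flow logs. The following is an added example, not part of the original advisory or of any PRIMX tooling: it flags internal hosts that connect to non-internal addresses on SMB ports. The key=value log format, the internal ranges and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the site's internal address space; adjust to local ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]
SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Constructed sample flow records in a hypothetical key=value format.
SAMPLE_LOG = """\
ts=2025-06-03T13:58:01Z src=10.1.4.22 dst=10.1.0.5 dport=445 proto=tcp
ts=2025-06-03T13:58:07Z src=10.1.4.22 dst=203.0.113.77 dport=445 proto=tcp
ts=2025-06-03T13:58:09Z src=10.1.4.31 dst=198.51.100.9 dport=443 proto=tcp
ts=2025-06-03T13:59:12Z src=10.1.7.80 dst=198.51.100.9 dport=139 proto=tcp
malformed line without fields
ts=2025-06-03T14:00:00Z src=10.1.4.22 dst=not-an-ip dport=445 proto=tcp
"""

def is_internal(addr):
    """True if the address falls inside any configured internal range."""
    return any(addr in net for net in INTERNAL_NETS)

def parse_line(line):
    """Return a dict of typed fields, or None if the record is unusable."""
    fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
    try:
        fields["src"] = ipaddress.ip_address(fields["src"])
        fields["dst"] = ipaddress.ip_address(fields["dst"])
        fields["dport"] = int(fields["dport"])
    except (KeyError, ValueError):
        return None  # missing field, bad IP or bad port: skip the record
    return fields

def external_smb_flows(log_text):
    """List flows from an internal host to an external host on an SMB port."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["dport"] in SMB_PORTS and is_internal(rec["src"])
                and not is_internal(rec["dst"])):
            hits.append((rec.get("ts", "?"), str(rec["src"]),
                         str(rec["dst"]), rec["dport"]))
    return hits

if __name__ == "__main__":
    for hit in external_smb_flows(SAMPLE_LOG):
        print("ALERT outbound SMB:", *hit)
```

Internal-to-internal SMB is left alone, so file-server traffic does not alert; only the two flows leaving the internal ranges on ports 445 and 139 are reported.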
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2023-12-10T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 683eff8d182aa0cae27db840
Added to database: 6/3/2025, 1:58:37 PM
Last enriched: 7/3/2025, 6:43:32 PM
Last updated: 7/29/2025, 7:52:22 PM