CVE-2023-50440: n/a in n/a

Severity: Medium
Type: Vulnerability
Published: Wed Dec 13 2023 (12/13/2023, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; ZED! for Windows, Mac, Linux before 2023.5; ZEDFREE for Windows, Mac, Linux before 2023.5; or ZEDPRO for Windows, Mac, Linux before 2023.5 can be modified by an unauthenticated attacker to include a UNC reference so that it could trigger network access to an attacker-controlled computer when opened by the victim.

AI-Powered Analysis

Last updated: 07/03/2025, 18:43:32 UTC

Technical Analysis

CVE-2023-50440 is a medium-severity vulnerability affecting multiple versions of PRIMX's ZED container products, including ZED!, ZONECENTRAL, ZEDMAIL, ZEDFREE, and ZEDPRO across Windows, Mac, and Linux platforms prior to version 2023.5. The vulnerability allows an unauthenticated attacker to modify ZED container files to embed a UNC (Universal Naming Convention) reference. When a victim opens the manipulated container, this UNC reference triggers network access to an attacker-controlled system. This behavior can lead to unintended outbound network connections initiated by the victim's machine without authentication, potentially exposing sensitive information such as Windows credentials or internal network details through SMB or other protocols used in UNC paths.

The vulnerability is classified under CWE-284 (Improper Access Control), indicating insufficient restrictions on modifying container contents. The CVSS 3.1 base score is 5.5 (medium), with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, meaning the attack requires local access to modify the container, no privileges, user interaction to open the container, and impacts confidentiality by potentially leaking sensitive information, but does not affect integrity or availability.

No known exploits are reported in the wild, and no patches are explicitly linked, suggesting that mitigation may rely on updating to fixed versions or applying vendor guidance once available. The vulnerability leverages social engineering or user interaction to trigger the network connection, which could be used for reconnaissance or credential harvesting by attackers controlling the referenced UNC resource.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to confidentiality. If attackers can convince users to open manipulated ZED containers, they may induce outbound network connections to attacker-controlled servers, potentially leaking Windows authentication hashes or other sensitive network information. This can facilitate lateral movement or further compromise within corporate networks. Organizations using PRIMX ZED products for secure containerization or email encryption may be particularly at risk. The cross-platform nature (Windows, Mac, Linux) broadens the attack surface. Given the requirement for local modification of containers and user interaction, the attack vector is somewhat limited but still significant in environments where users frequently exchange containerized files or emails. The vulnerability could be exploited in targeted spear-phishing campaigns or insider threat scenarios. European organizations with strict data protection regulations (e.g., GDPR) must consider the confidentiality impact seriously, as unauthorized data disclosure could lead to compliance violations and reputational damage.

Mitigation Recommendations

1. Upgrade all affected PRIMX ZED products to version 2023.5 or later as soon as patches become available from the vendor.
2. Implement strict controls on the creation and modification of ZED container files, ensuring only trusted users can alter container contents.
3. Educate users about the risks of opening containers from untrusted or unexpected sources, emphasizing caution with files that may trigger network connections.
4. Monitor outbound network traffic for unusual SMB or UNC connection attempts, especially to unknown external IP addresses, using network intrusion detection systems or firewall rules.
5. Employ endpoint detection and response (EDR) solutions to detect suspicious file modifications and network activities related to container files.
6. Consider disabling or restricting UNC path resolution in environments where it is not required, or apply group policy settings to limit automatic network connections triggered by file references.
7. Conduct regular audits of container usage and file integrity to detect unauthorized modifications.
8. Collaborate with PRIMX support or security teams to receive timely updates and guidance on this vulnerability.
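The monitoring described in item 4, sketched as an added example (not part of the original page and not PRIMX or vendor tooling): it scans connection logs for internal hosts attempting SMB to addresses outside the organization, which is the network symptom of a container with an embedded UNC reference being opened. The log format, the sample lines and the internal address ranges are constructed assumptions.

```python
import ipaddress
import re

# Assumption: ranges treated as "internal"; adjust to the site's addressing plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Constructed log format: <ts> <action> <proto> <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

# Constructed sample data (documentation address ranges stand in for the Internet).
SAMPLE_LOG = """\
2025-01-10T09:14:02Z ALLOW TCP 10.1.4.23:51544 -> 10.1.0.5:445
2025-01-10T09:14:07Z ALLOW TCP 10.1.4.23:51551 -> 203.0.113.7:445
2025-01-10T09:15:30Z ALLOW TCP 10.1.4.40:50012 -> 198.51.100.20:443
2025-01-10T09:16:11Z DENY TCP 10.1.7.9:49822 -> 198.51.100.99:139
malformed line that the parser must skip
2025-01-10T09:17:45Z ALLOW UDP 10.1.4.23:137 -> 10.1.255.255:137
"""

def is_internal(addr):
    """True if addr falls inside one of the configured internal ranges."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in INTERNAL_NETS)

def external_smb_attempts(log_text):
    """Return internal-to-external TCP 139/445 attempts, allowed or denied."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected format
        try:
            outbound = is_internal(m["src"]) and not is_internal(m["dst"])
        except ValueError:
            continue  # octets out of range, not a usable record
        if m["proto"] == "TCP" and int(m["dport"]) in SMB_PORTS and outbound:
            findings.append({"ts": m["ts"], "action": m["action"],
                             "src": m["src"], "dst": m["dst"],
                             "dport": int(m["dport"])})
    return findings

if __name__ == "__main__":
    for f in external_smb_attempts(SAMPLE_LOG):
        print(f)
```

Denied attempts are reported as well as allowed ones: a blocked connection still identifies the workstation on which a modified container may have been opened.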

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2023-12-10T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 683eff8d182aa0cae27db840

Added to database: 6/3/2025, 1:58:37 PM

Last enriched: 7/3/2025, 6:43:32 PM

Last updated: 7/29/2025, 7:52:22 PM
