cvelistv5 - CVE-2023-50444

CVE-2023-50444 (GCVE-0-2023-50444)

Vulnerability from cvelistv5 – Published: 2023-12-13 00:00 – Updated: 2024-11-26 15:22

Summary

By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.primx.eu/fr/blog/
	https://www.primx.eu/en/bulletins/security-bullet…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.primx.eu/fr/blog/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-50444",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-19T19:18:36.037192Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T15:22:48.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-13T20:08:45.780353",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.primx.eu/fr/blog/"
        },
        {
          "url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-50444",
    "datePublished": "2023-12-13T00:00:00",
    "dateReserved": "2023-12-10T00:00:00",
    "dateUpdated": "2024-11-26T15:22:48.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:primx:zed\\\\!:*:*:*:*:enterprise:windows:*:*\", \"versionEndExcluding\": \"q.2020.3\", \"matchCriteriaId\": \"7C67598A-6CE7-4802-BB1F-65D40CF38DAC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:primx:zed\\\\!:*:*:*:*:enterprise:windows:*:*\", \"versionStartIncluding\": \"2023.0\", \"versionEndExcluding\": \"2023.5\", \"matchCriteriaId\": \"1B21D96F-47D7-4DE6-80AD-68986FF75C77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:primx:zed\\\\!:*:*:*:*:enterprise:windows:*:*\", \"versionStartIncluding\": \"q.2021.0\", \"versionEndExcluding\": \"q.2021.2\", \"matchCriteriaId\": \"747C7A04-7E6E-4A2C-BCFC-01EC16ABE951\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"2023.5\", \"matchCriteriaId\": \"01B1BDF0-697E-4EA2-8E26-5B786E03FCF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"q.2021.2\", \"matchCriteriaId\": \"60E1C4D1-FD43-44D1-90E3-0A3936D947A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*\", \"versionStartIncluding\": \"2023.0\", \"versionEndExcluding\": \"2023.5\", \"matchCriteriaId\": \"5FA52575-445D-48F8-B1D9-F3981DDBD5D3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.\"}, {\"lang\": \"es\", \"value\": \"De forma predeterminada, los contenedores ZED producidos por PRIMX ZED! para Windows anteriores a Q.2020.3 (presentaci\\u00f3n de calificaci\\u00f3n ANSSI); ZED! para Windows anteriores a Q.2021.2 (presentaci\\u00f3n de calificaci\\u00f3n ANSSI); ZONECENTRAL para Windows antes de Q.2021.2 (presentaci\\u00f3n de calificaci\\u00f3n ANSSI); ZONECENTRAL para Windows antes de 2023.5; ZEDMAIL para Windows antes de 2023.5; y ZED! para Windows, Mac y Linux anteriores a 2023.5 incluyen una versi\\u00f3n cifrada de informaci\\u00f3n confidencial del usuario, lo que podr\\u00eda permitir que un atacante no autenticado la obtenga mediante fuerza bruta.\"}]",
      "id": "CVE-2023-50444",
      "lastModified": "2024-11-21T08:37:00.407",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-12-13T20:15:49.840",
      "references": "[{\"url\": \"https://www.primx.eu/en/bulletins/security-bulletin-23B30874/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.primx.eu/fr/blog/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\"]}, {\"url\": \"https://www.primx.eu/en/bulletins/security-bulletin-23B30874/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.primx.eu/fr/blog/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-307\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-50444\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-12-13T20:15:49.840\",\"lastModified\":\"2024-11-21T08:37:00.407\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.\"},{\"lang\":\"es\",\"value\":\"De forma predeterminada, los contenedores ZED producidos por PRIMX ZED! para Windows anteriores a Q.2020.3 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZED! para Windows anteriores a Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de 2023.5; ZEDMAIL para Windows antes de 2023.5; y ZED! para Windows, Mac y Linux anteriores a 2023.5 incluyen una versi\u00f3n cifrada de informaci\u00f3n confidencial del usuario, lo que podr\u00eda permitir que un atacante no autenticado la obtenga mediante fuerza bruta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-307\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:primx:zed\\\\!:*:*:*:*:enterprise:windows:*:*\",\"versionEndExcluding\":\"q.2020.3\",\"matchCriteriaId\":\"7C67598A-6CE7-4802-BB1F-65D40CF38DAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:primx:zed\\\\!:*:*:*:*:enterprise:windows:*:*\",\"versionStartIncluding\":\"2023.0\",\"versionEndExcluding\":\"2023.5\",\"matchCriteriaId\":\"1B21D96F-47D7-4DE6-80AD-68986FF75C77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:primx:zed\\\\!:*:*:*:*:enterprise:windows:*:*\",\"versionStartIncluding\":\"q.2021.0\",\"versionEndExcluding\":\"q.2021.2\",\"matchCriteriaId\":\"747C7A04-7E6E-4A2C-BCFC-01EC16ABE951\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"2023.5\",\"matchCriteriaId\":\"01B1BDF0-697E-4EA2-8E26-5B786E03FCF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"q.2021.2\",\"matchCriteriaId\":\"60E1C4D1-FD43-44D1-90E3-0A3936D947A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"2023.0\",\"versionEndExcluding\":\"2023.5\",\"matchCriteriaId\":\"5FA52575-445D-48F8-B1D9-F3981DDBD5D3\"}]}]}],\"references\":[{\"url\":\"https://www.primx.eu/en/bulletins/security-bulletin-23B30874/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.primx.eu/fr/blog/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://www.primx.eu/en/bulletins/security-bulletin-23B30874/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.primx.eu/fr/blog/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.primx.eu/fr/blog/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.primx.eu/en/bulletins/security-bulletin-23B30874/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T22:16:46.903Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-50444\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-12-19T19:18:36.037192Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-26T15:22:44.420Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.primx.eu/fr/blog/\"}, {\"url\": \"https://www.primx.eu/en/bulletins/security-bulletin-23B30874/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-12-13T20:08:45.780353\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-50444\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-26T15:22:48.480Z\", \"dateReserved\": \"2023-12-10T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-12-13T00:00:00\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-1021

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits PRIM'X. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

La très forte réactivité de l'éditeur a permis de corriger ces vulnérabilités et publier des correctifs dans un délai de 3 mois.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IMPORTANT : Déployer les nouvelles versions des logiciels n'est pas suffisant, il est également nécessaire de prendre les mesures suivantes :

créer de nouveaux conteneurs Zed! et ne pas réutiliser les anciens ;
appliquer une politique de mot de passe forte pour les mots de passe utilisateurs (si la liste d'accès est protégée par mot de passe) ;
contrôler les droits d'accès aux fichiers de zone utilisés par ZoneCentral enfin d'en limiter les droits d'écriture aux seuls administrateurs ZoneCentral.

None

Impacted products

Vendor	Product	Description
PrimX	CRYHOD	CRYHOD versions antérieures à 2023.5 pour Windows
PrimX	ZEDMAIL	ZED! features dans ZEDMAIL versions antérieures à 2023.5 pour Windows
Apple	macOS	ZEDFREE versions antérieures à 2023.5 pour Windows, macOS et Linux
Apple	macOS	ZED! Enterprise versions antérieures à 2023.5 pour Windows, macOS et Linux
Apple	macOS	ZEDPRO versions antérieures à 2023.5 pour Windows, macOS et Linux
PrimX	ZONECENTRAL	ZED! features dans ZONECENTRAL versions antérieures à 2023.5 pour Windows (à l'exception de la vulnérabilité CVE-2023-50442 qui affecte toutes les versions)

References

Title

Publication Time

Tags

Bulletin de sécurité PRIM'X 23b30874 du 13 décembre 2023	None	vendor-advisory
Bulletin de sécurité PRIM'X 23b30930 du 13 décembre 2023	None	vendor-advisory
Bulletin de sécurité PRIM'X 23b3093a du 13 décembre 2023	None	vendor-advisory
Bulletin de sécurité PRIM'X 23b30933 du 13 décembre 2023	None	vendor-advisory
Bulletin de sécurité PRIM'X 23b3093b du 13 décembre 2023	None	vendor-advisory
Bulletin de sécurité PRIM'X 23b30931 du 13 décembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CRYHOD versions ant\u00e9rieures \u00e0 2023.5 pour Windows",
      "product": {
        "name": "CRYHOD",
        "vendor": {
          "name": "PrimX",
          "scada": false
        }
      }
    },
    {
      "description": "ZED! features dans ZEDMAIL versions ant\u00e9rieures \u00e0 2023.5 pour Windows",
      "product": {
        "name": "ZEDMAIL",
        "vendor": {
          "name": "PrimX",
          "scada": false
        }
      }
    },
    {
      "description": "ZEDFREE versions ant\u00e9rieures \u00e0 2023.5 pour Windows, macOS et Linux",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "ZED! Enterprise versions ant\u00e9rieures \u00e0 2023.5 pour Windows, macOS et Linux",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "ZEDPRO versions ant\u00e9rieures \u00e0 2023.5 pour Windows, macOS et Linux",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "ZED! features dans ZONECENTRAL versions ant\u00e9rieures \u00e0 2023.5 pour Windows (\u00e0 l\u0027exception de la vuln\u00e9rabilit\u00e9 CVE-2023-50442 qui affecte toutes les versions)",
      "product": {
        "name": "ZONECENTRAL",
        "vendor": {
          "name": "PrimX",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n**\u003cspan style=\"color: #ff0000;\"\u003eIMPORTANT :\u003c/span\u003e** D\u00e9ployer les\nnouvelles versions des logiciels n\u0027est pas suffisant, il est \u00e9galement\nn\u00e9cessaire de prendre les mesures suivantes :\n\n-   cr\u00e9er de nouveaux conteneurs Zed! et ne pas r\u00e9utiliser les anciens ;\n-   appliquer une politique de mot de passe forte pour les mots de passe\n    utilisateurs (si la liste d\u0027acc\u00e8s est prot\u00e9g\u00e9e par mot de passe) ;\n-   contr\u00f4ler les droits d\u0027acc\u00e8s aux fichiers de zone utilis\u00e9s par\n    ZoneCentral enfin d\u0027en limiter les droits d\u0027\u00e9criture aux seuls\n    administrateurs ZoneCentral.\n\n\u00a0\n",
  "cves": [
    {
      "name": "CVE-2023-50441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50441"
    },
    {
      "name": "CVE-2023-50442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50442"
    },
    {
      "name": "CVE-2023-50444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50444"
    },
    {
      "name": "CVE-2023-50439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50439"
    },
    {
      "name": "CVE-2023-50440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50440"
    },
    {
      "name": "CVE-2023-50443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50443"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-1021",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nPRIM\u0027X. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nLa tr\u00e8s forte r\u00e9activit\u00e9 de l\u0027\u00e9diteur a permis de corriger ces\nvuln\u00e9rabilit\u00e9s et publier des correctifs dans un d\u00e9lai de 3 mois.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits PRIM\u0027X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b30874 du 13 d\u00e9cembre 2023",
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23b30874/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b30930 du 13 d\u00e9cembre 2023",
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23b30930/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b3093a du 13 d\u00e9cembre 2023",
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23b3093a/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b30933 du 13 d\u00e9cembre 2023",
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23b30933/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b3093b du 13 d\u00e9cembre 2023",
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23b3093b/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b30931 du 13 d\u00e9cembre 2023",
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23b30931/"
    }
  ]
}

CERTFR-2023-AVI-1021

Vulnerability from certfr_avis - Published: - Updated:

La très forte réactivité de l'éditeur a permis de corriger ces vulnérabilités et publier des correctifs dans un délai de 3 mois.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IMPORTANT : Déployer les nouvelles versions des logiciels n'est pas suffisant, il est également nécessaire de prendre les mesures suivantes :

créer de nouveaux conteneurs Zed! et ne pas réutiliser les anciens ;
appliquer une politique de mot de passe forte pour les mots de passe utilisateurs (si la liste d'accès est protégée par mot de passe) ;
contrôler les droits d'accès aux fichiers de zone utilisés par ZoneCentral enfin d'en limiter les droits d'écriture aux seuls administrateurs ZoneCentral.

None

Impacted products

Vendor	Product	Description
PrimX	CRYHOD	CRYHOD versions antérieures à 2023.5 pour Windows
PrimX	ZEDMAIL	ZED! features dans ZEDMAIL versions antérieures à 2023.5 pour Windows
Apple	macOS	ZEDFREE versions antérieures à 2023.5 pour Windows, macOS et Linux
Apple	macOS	ZED! Enterprise versions antérieures à 2023.5 pour Windows, macOS et Linux
Apple	macOS	ZEDPRO versions antérieures à 2023.5 pour Windows, macOS et Linux
PrimX	ZONECENTRAL	ZED! features dans ZONECENTRAL versions antérieures à 2023.5 pour Windows (à l'exception de la vulnérabilité CVE-2023-50442 qui affecte toutes les versions)

References

Title

Publication Time

Tags

Bulletin de sécurité PRIM'X 23b30874 du 13 décembre 2023	None	vendor-advisory
Bulletin de sécurité PRIM'X 23b30930 du 13 décembre 2023	None	vendor-advisory
Bulletin de sécurité PRIM'X 23b3093a du 13 décembre 2023	None	vendor-advisory
Bulletin de sécurité PRIM'X 23b30933 du 13 décembre 2023	None	vendor-advisory
Bulletin de sécurité PRIM'X 23b3093b du 13 décembre 2023	None	vendor-advisory
Bulletin de sécurité PRIM'X 23b30931 du 13 décembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CRYHOD versions ant\u00e9rieures \u00e0 2023.5 pour Windows",
      "product": {
        "name": "CRYHOD",
        "vendor": {
          "name": "PrimX",
          "scada": false
        }
      }
    },
    {
      "description": "ZED! features dans ZEDMAIL versions ant\u00e9rieures \u00e0 2023.5 pour Windows",
      "product": {
        "name": "ZEDMAIL",
        "vendor": {
          "name": "PrimX",
          "scada": false
        }
      }
    },
    {
      "description": "ZEDFREE versions ant\u00e9rieures \u00e0 2023.5 pour Windows, macOS et Linux",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "ZED! Enterprise versions ant\u00e9rieures \u00e0 2023.5 pour Windows, macOS et Linux",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "ZEDPRO versions ant\u00e9rieures \u00e0 2023.5 pour Windows, macOS et Linux",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "ZED! features dans ZONECENTRAL versions ant\u00e9rieures \u00e0 2023.5 pour Windows (\u00e0 l\u0027exception de la vuln\u00e9rabilit\u00e9 CVE-2023-50442 qui affecte toutes les versions)",
      "product": {
        "name": "ZONECENTRAL",
        "vendor": {
          "name": "PrimX",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n**\u003cspan style=\"color: #ff0000;\"\u003eIMPORTANT :\u003c/span\u003e** D\u00e9ployer les\nnouvelles versions des logiciels n\u0027est pas suffisant, il est \u00e9galement\nn\u00e9cessaire de prendre les mesures suivantes :\n\n-   cr\u00e9er de nouveaux conteneurs Zed! et ne pas r\u00e9utiliser les anciens ;\n-   appliquer une politique de mot de passe forte pour les mots de passe\n    utilisateurs (si la liste d\u0027acc\u00e8s est prot\u00e9g\u00e9e par mot de passe) ;\n-   contr\u00f4ler les droits d\u0027acc\u00e8s aux fichiers de zone utilis\u00e9s par\n    ZoneCentral enfin d\u0027en limiter les droits d\u0027\u00e9criture aux seuls\n    administrateurs ZoneCentral.\n\n\u00a0\n",
  "cves": [
    {
      "name": "CVE-2023-50441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50441"
    },
    {
      "name": "CVE-2023-50442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50442"
    },
    {
      "name": "CVE-2023-50444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50444"
    },
    {
      "name": "CVE-2023-50439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50439"
    },
    {
      "name": "CVE-2023-50440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50440"
    },
    {
      "name": "CVE-2023-50443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50443"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-1021",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nPRIM\u0027X. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nLa tr\u00e8s forte r\u00e9activit\u00e9 de l\u0027\u00e9diteur a permis de corriger ces\nvuln\u00e9rabilit\u00e9s et publier des correctifs dans un d\u00e9lai de 3 mois.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits PRIM\u0027X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b30874 du 13 d\u00e9cembre 2023",
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23b30874/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b30930 du 13 d\u00e9cembre 2023",
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23b30930/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b3093a du 13 d\u00e9cembre 2023",
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23b3093a/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b30933 du 13 d\u00e9cembre 2023",
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23b30933/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b3093b du 13 d\u00e9cembre 2023",
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23b3093b/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 PRIM\u0027X 23b30931 du 13 d\u00e9cembre 2023",
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23b30931/"
    }
  ]
}

GHSA-RF58-MQX7-7RWR

Vulnerability from github – Published: 2023-12-13 21:30 – Updated: 2023-12-20 21:30

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-50444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-307"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-13T20:15:49Z",
    "severity": "HIGH"
  },
  "details": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.",
  "id": "GHSA-rf58-mqx7-7rwr",
  "modified": "2023-12-20T21:30:29Z",
  "published": "2023-12-13T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50444"
    },
    {
      "type": "WEB",
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874"
    },
    {
      "type": "WEB",
      "url": "https://www.primx.eu/fr/blog"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2023-50444

Vulnerability from fkie_nvd - Published: 2023-12-13 20:15 - Updated: 2024-11-21 08:37

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	https://www.primx.eu/en/bulletins/security-bulletin-23B30874/	Vendor Advisory
cve@mitre.org	https://www.primx.eu/fr/blog/	Product
af854a3a-2127-422b-91ae-364da2661108	https://www.primx.eu/en/bulletins/security-bulletin-23B30874/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.primx.eu/fr/blog/	Product

Impacted products

Vendor	Product	Version
primx	zed\!	*
primx	zed\!	*
primx	zed\!	*
primx	zedmail	*
primx	zonecentral	*
primx	zonecentral	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
              "matchCriteriaId": "7C67598A-6CE7-4802-BB1F-65D40CF38DAC",
              "versionEndExcluding": "q.2020.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
              "matchCriteriaId": "1B21D96F-47D7-4DE6-80AD-68986FF75C77",
              "versionEndExcluding": "2023.5",
              "versionStartIncluding": "2023.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
              "matchCriteriaId": "747C7A04-7E6E-4A2C-BCFC-01EC16ABE951",
              "versionEndExcluding": "q.2021.2",
              "versionStartIncluding": "q.2021.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "01B1BDF0-697E-4EA2-8E26-5B786E03FCF1",
              "versionEndExcluding": "2023.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "60E1C4D1-FD43-44D1-90E3-0A3936D947A2",
              "versionEndExcluding": "q.2021.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "5FA52575-445D-48F8-B1D9-F3981DDBD5D3",
              "versionEndExcluding": "2023.5",
              "versionStartIncluding": "2023.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force."
    },
    {
      "lang": "es",
      "value": "De forma predeterminada, los contenedores ZED producidos por PRIMX ZED! para Windows anteriores a Q.2020.3 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZED! para Windows anteriores a Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de 2023.5; ZEDMAIL para Windows antes de 2023.5; y ZED! para Windows, Mac y Linux anteriores a 2023.5 incluyen una versi\u00f3n cifrada de informaci\u00f3n confidencial del usuario, lo que podr\u00eda permitir que un atacante no autenticado la obtenga mediante fuerza bruta."
    }
  ],
  "id": "CVE-2023-50444",
  "lastModified": "2024-11-21T08:37:00.407",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-13T20:15:49.840",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.primx.eu/fr/blog/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.primx.eu/fr/blog/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2023-50444

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-50444

Aliases

CVE-2023-50444

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-50444",
    "id": "GSD-2023-50444"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-50444"
      ],
      "details": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force.",
      "id": "GSD-2023-50444",
      "modified": "2023-12-13T01:20:31.270545Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-50444",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.primx.eu/fr/blog/",
            "refsource": "MISC",
            "url": "https://www.primx.eu/fr/blog/"
          },
          {
            "name": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/",
            "refsource": "MISC",
            "url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
                    "matchCriteriaId": "7C67598A-6CE7-4802-BB1F-65D40CF38DAC",
                    "versionEndExcluding": "q.2020.3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
                    "matchCriteriaId": "1B21D96F-47D7-4DE6-80AD-68986FF75C77",
                    "versionEndExcluding": "2023.5",
                    "versionStartIncluding": "2023.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:primx:zed\\!:*:*:*:*:enterprise:windows:*:*",
                    "matchCriteriaId": "747C7A04-7E6E-4A2C-BCFC-01EC16ABE951",
                    "versionEndExcluding": "q.2021.2",
                    "versionStartIncluding": "q.2021.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:primx:zedmail:*:*:*:*:*:windows:*:*",
                    "matchCriteriaId": "01B1BDF0-697E-4EA2-8E26-5B786E03FCF1",
                    "versionEndExcluding": "2023.5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
                    "matchCriteriaId": "60E1C4D1-FD43-44D1-90E3-0A3936D947A2",
                    "versionEndExcluding": "q.2021.2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:primx:zonecentral:*:*:*:*:*:windows:*:*",
                    "matchCriteriaId": "5FA52575-445D-48F8-B1D9-F3981DDBD5D3",
                    "versionEndExcluding": "2023.5",
                    "versionStartIncluding": "2023.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "By default, .ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before 2023.5; ZEDMAIL for Windows before 2023.5; and ZED! for Windows, Mac, Linux before 2023.5 include an encrypted version of sensitive user information, which could allow an unauthenticated attacker to obtain it via brute force."
          },
          {
            "lang": "es",
            "value": "De forma predeterminada, los contenedores ZED producidos por PRIMX ZED! para Windows anteriores a Q.2020.3 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZED! para Windows anteriores a Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de Q.2021.2 (presentaci\u00f3n de calificaci\u00f3n ANSSI); ZONECENTRAL para Windows antes de 2023.5; ZEDMAIL para Windows antes de 2023.5; y ZED! para Windows, Mac y Linux anteriores a 2023.5 incluyen una versi\u00f3n cifrada de informaci\u00f3n confidencial del usuario, lo que podr\u00eda permitir que un atacante no autenticado la obtenga mediante fuerza bruta."
          }
        ],
        "id": "CVE-2023-50444",
        "lastModified": "2023-12-20T18:31:52.980",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-12-13T20:15:49.840",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.primx.eu/en/bulletins/security-bulletin-23B30874/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Product"
            ],
            "url": "https://www.primx.eu/fr/blog/"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-307"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-50444 (GCVE-0-2023-50444)

CERTFR-2023-AVI-1021

Solution

CERTFR-2023-AVI-1021

Solution

GHSA-RF58-MQX7-7RWR

FKIE_CVE-2023-50444

GSD-2023-50444

Tags

Sightings

Nomenclature