Vulnerability Description
TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not authorized to. Please note: an attacker must first obtain a low-privileged authenticated user's profile on the target system in order to exploit this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Txone Stellarone | < 2.0.1160 |
| Linux | Linux Kernel | - |
References
- https://success.trendmicro.com/solution/000292486Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-23-231/Third Party AdvisoryVDB Entry
- https://success.trendmicro.com/solution/000292486Vendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-23-231/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2023-25069?
CVE-2023-25069 is a vulnerability with a CVSS score of 8.8 (HIGH). TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges...
How severe is CVE-2023-25069?
CVE-2023-25069 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-25069?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Txone Stellarone, Linux Linux Kernel.