Overall Information
- Original Released Date: March 3, 2023
- Last Update Date: March 3, 2023
- Severity: High
- CVSS Score: 8.3
- CVSS Vector String: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
- CVE(If appliable): CVE-2023-25069
Description
TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not authorized to.
Please note that an attacker must obtain a low-privileged authenticated user’s profile on the target system in order to exploit this vulnerability.
Affected Version(s)
| Product | Affected Version(s) | Platform |
|---|---|---|
| StellarOne | Before V2.0.1160 | Linux |
Solution
TXOne Networks has released the following solution to address the issue
| Product | Updated Version(s) | Note | Platform | Availability |
|---|---|---|---|---|
| StellarOne | V2.1.1127 | Readme | Linux | Now available |
Any version before the one recommended here would not suffice as a solution to this vulnerability. TXOne Networks highly encourages customers to obtain the latest version of the product if there is a newer one available than the one listed in this bulletin.Customers are encouraged to visit Trend Micro’s Download Center to obtain prerequisite software (such as Service Packs) before applying any of the solutions above.
Acknowledgement
TXOne Networks would like to thank the following individual for responsibly disclosing these issues and working with TXOne Networks to help protect our customers:
- Elias Martinez working with Trend Micro's Zero Day Initiative
External Reference(s)
- ZDI-CAN-18848
If you encounter any problems related to this vulnerability, please contact security@txone.com