[Security Bulletin] Improper Access Control Privilege Escalation Vulnerability for StellarOne

Prev Next

Overall Information

  • Original Released Date: March 3, 2023
  • Last Update Date: March 3, 2023
  • Severity: High
  • CVSS Score: 8.3
  • CVSS Vector String: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
  • CVE(If appliable): CVE-2023-25069

Description

TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not authorized to.

Please note that an attacker must obtain a low-privileged authenticated user’s profile on the target system in order to exploit this vulnerability.

Affected Version(s)

Product Affected Version(s) Platform
StellarOne Before V2.0.1160 Linux

Solution

TXOne Networks has released the following solution to address the issue

Product Updated Version(s) Note Platform Availability
StellarOne V2.1.1127 Readme Linux Now available

Any version before the one recommended here would not suffice as a solution to this vulnerability. TXOne Networks highly encourages customers to obtain the latest version of the product if there is a newer one available than the one listed in this bulletin.Customers are encouraged to visit Trend Micro’s Download Center to obtain prerequisite software (such as Service Packs) before applying any of the solutions above.

Acknowledgement

TXOne Networks would like to thank the following individual for responsibly disclosing these issues and working with TXOne Networks to help protect our customers:

External Reference(s)

  • ZDI-CAN-18848

If you encounter any problems related to this vulnerability, please contact security@txone.com