--- title: "[Security Bulletin] mproper Access Control Privilege Escalation Vulnerability for StellarOne" slug: "security-bulletin-improper-access-control-privilege-escalation-vulnerability-for-stellarone" updated: 2023-03-07T10:02:21Z published: 2023-03-07T10:02:21Z --- > ## Documentation Index > Fetch the complete documentation index at: https://help.txone.com/llms.txt > Use this file to discover all available pages before exploring further. # [Security Bulletin] Improper Access Control Privilege Escalation Vulnerability for StellarOne ## Overall Information - Original Released Date: March 3, 2023 - Last Update Date: March 3, 2023 - Severity: High - CVSS Score: 8.3 - CVSS Vector String: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L - CVE(If appliable): CVE-2023-25069 ## Description TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not authorized to. *Please note that an attacker must obtain a low-privileged authenticated user’s profile on the target system in order to exploit this vulnerability.* ## Affected Version(s) | Product | Affected Version(s) | Platform | | --- | --- | --- | | StellarOne | Before V2.0.1160 | Linux | ## Solution TXOne Networks has released the following solution to address the issue | Product | Updated Version(s) | Note | Platform | Availability | | --- | --- | --- | --- | --- | | StellarOne | [V2.1.1127](https://files.trendmicro.com/products/StellarProtect/TXOne-S1-2.1.1127.ova) | [Readme](https://files.trendmicro.com/documentation/readme/StellarProtect/txso_2.1.1127_readme.txt) | Linux | Now available | Any version before the one recommended here would not suffice as a solution to this vulnerability. TXOne Networks highly encourages customers to obtain the latest version of the product if there is a newer one available than the one listed in this bulletin.Customers are encouraged to visit Trend Micro’s [Download Center](https://downloadcenter.trendmicro.com/index.php?regs=nabu&prodid=1787) to obtain prerequisite software (such as Service Packs) before applying any of the solutions above. ## Acknowledgement TXOne Networks would like to thank the following individual for responsibly disclosing these issues and working with TXOne Networks to help protect our customers: - Elias Martinez working with [Trend Micro's Zero Day Initiative](http://zerodayinitiative.com/) ## External Reference(s) - ZDI-CAN-18848 If you encounter any problems related to this vulnerability, please contact [security@txone.com](mailto:security@txone.com)