Lucene search

OktaCVE-2023-0093

HistoryMar 06, 2023 - 9:15 p.m.

CVE-2023-0093

2023-03-0621:15:10

CWE-77

Okta

web.nvd.nist.gov

okta

advanced server access

client

cve-2023-0093

command injection

third party library

webbrowser

security

vulnerability

phishing

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

44.7%

JSON

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment.

Affected configurations

Nvd

Node

oktaadvanced_server_accessRange1.13.1–1.68.2

VendorProductVersionCPE
oktaadvanced_server_access*cpe:2.3:a:okta:advanced_server_access:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
okta	advanced_server_access	*	cpe:2.3:a:okta:advanced_server_access::::::::

CNA Affected

[
  {
    "vendor": "Okta",
    "product": "Advanced Server Access",
    "versions": [
      {
        "version": "1.13.1 through 1.65.0",
        "status": "affected"
      }
    ]
  }
]

References

trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2023-0093/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

44.7%

JSON

Related for CVE-2023-0093