Lucene search

[email protected]CVE-2023-0093

HistoryMar 06, 2023 - 9:15 p.m.

CVE-2023-0093

2023-03-0621:15:10

CWE-77

[email protected]

web.nvd.nist.gov

okta

advanced server access

client

cve-2023-0093

command injection

third party library

webbrowser

security

vulnerability

phishing

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.9%

JSON

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment.

Affected configurations

NVD

Node

oktaadvanced_server_accessRange1.13.1–1.68.2

CPENameOperatorVersion
okta:advanced_server_accessokta advanced server accesslt1.68.2

CPE	Name	Operator	Version
okta:advanced_server_access	okta advanced server access	lt	1.68.2

CNA Affected

[
  {
    "vendor": "Okta",
    "product": "Advanced Server Access",
    "versions": [
      {
        "version": "1.13.1 through 1.65.0",
        "status": "affected"
      }
    ]
  }
]

References

trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2023-0093/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.9%

JSON

Related for CVE-2023-0093

prion1 nessus1 cvelist1 nvd1