How severe is CVE-2023-51772?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2023-51772?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2023-51772 - HIGH Severity | CVSS 8.8

Vulnerability Description

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM.

Related Vulnerabilities

CVE-2017-15653

HIGH

CVSS:8.8(High)

Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing adminis...

CWE-6132017

CVE-2017-6529

HIGH

CVSS:8.8(High)

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.

CWE-6132017

CVE-2018-1195

HIGH

CVSS:8.8(High)

In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access token...

CWE-6132018

CVE-2019-10229

HIGH

CVSS:8.8(High)

An issue was discovered in MailStore Server (and Service Provider Edition) 9.x through 11.x before 11.2.2. When the directory service (for synchronizing and authenticating users) is set to Generic LDA...

CWE-6132019

CVE-2019-12421

HIGH

CVSS:8.8(High)

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server ...

CWE-6132019

CVE-2019-17375

HIGH

CVSS:8.8(High)

cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).

CWE-6132019