PT-2023-16008 · Okta · Okta Advanced Server Access Client

Tao Sauvage · Published 2023-03-06 · Updated 2023-03-13 · CVE-2023-0093

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Okta Advanced Server Access Client versions 1.13.1 through 1.65.0

Description: The issue is a command injection caused by an outdated third-party library, webbrowser, which is used by the Okta Advanced Server Access Client. To exploit it, an attacker would need to phish the user into entering an attacker-controlled server URL during enrollment.

Recommendations: For Okta Advanced Server Access Client versions 1.13.1 through 1.65.0, update to a version that includes an updated webbrowser library to prevent command injection. As a temporary workaround, restrict user enrollment to trusted server URLs to minimize the risk of exploitation.

Fix

Command Injection


Weakness Enumeration

Related identifiers

CVE-2023-0093

Affected products

Okta Advanced Server Access Client