CVE-2023-5593

Name of the Vulnerable Software and Affected Versions SecuExtender SSL VPN Client version 4.0.4.0

Description The issue is related to an out-of-bounds write vulnerability in the SecuExtender SSL VPN Client software. This vulnerability could allow an authenticated local user to gain privilege escalation by sending a crafted CREATE message. The vulnerability is associated with a buffer overflow in memory, which can be exploited to elevate privileges.

Recommendations For version 4.0.4.0, consider restricting access to the CREATE message functionality until a patch is available. As a temporary workaround, disabling the vulnerable component related to the out-of-bounds write vulnerability may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.