PT-2025-52525 · Unknown+1 · Activefaxservicent+2
Birkan Alhan
·
Published
2025-12-19
·
Updated
2025-12-20
·
CVE-2023-53954
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ActFax version 10.10
Description
The software contains an unquoted service path vulnerability that may allow local attackers to escalate privileges. Specifically, the issue relates to the configuration of the ActiveFaxServiceNT service. Attackers possessing write permissions to Program Files directories can potentially inject a malicious ActSrvNT.exe executable. When the service restarts, this could grant the attacker elevated system access.
Recommendations
Ensure the service path for ActiveFaxServiceNT is properly quoted.
Restrict write access to Program Files directories to authorized personnel only.
Exploit
Fix
LPE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Actfax
Actsrvnt.Exe
Activefaxservicent