CVE-2023-25069

Last Updated: March 29, 2024

CVE ID: CVE-2023-25069

Published: March 28, 2024

Modified: March 29, 2024

Severity: High

Affected Products

Vendor: TXOne Networks

Product: Stellar before V2.0.1160

Vulnerability Type: Improper Access Control / Privilege Escalation

Vulnerability Description

This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro TXOne StellarOne. Authentication is required to exploit this vulnerability. The specific flaw exists within the Account endpoint. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user.

Solution

Fixed in version: V2.1.1127

Credit

Elias Martinez of MD Anderson Cancer Center

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

psirt@txone.com

← Back to PSIRT