Learn about CVE-2023-48654, a critical vulnerability in One Identity Password Manager allowing unauthorized access and privilege escalation. Find out how to mitigate the risk.
A detailed look into the Kiosk Escape vulnerability in One Identity Password Manager before version 5.13.1.
Understanding CVE-2023-48654
This vulnerability allows an attacker to escape the kiosk mode in the Password Manager and execute commands as NT AUTHORITY\SYSTEM.
What is CVE-2023-48654?
The CVE-2023-48654 vulnerability exists in One Identity Password Manager before 5.13.1, allowing an attacker to escape the kiosk mode and execute commands as NT AUTHORITY\SYSTEM.
The Impact of CVE-2023-48654
An attacker who exploits this vulnerability can gain unauthorized access to the system and potentially escalate privileges, because commands launched through the kiosk escape run as NT AUTHORITY\SYSTEM.
Technical Details of CVE-2023-48654
A breakdown of the vulnerability in One Identity Password Manager before version 5.13.1.
Vulnerability Description
One Identity Password Manager before 5.13.1 enables users to reset Active Directory passwords on the Windows login screen using a Chromium-based browser in kiosk mode. The escape sequence involves a series of steps that allow an attacker to launch cmd.exe as NT AUTHORITY\SYSTEM.
Affected Systems and Versions
The vulnerability affects One Identity Password Manager versions before 5.13.1.
Exploitation Mechanism
Exploitation involves navigating to specific sections in the kiosk browser window and, from there, launching cmd.exe as NT AUTHORITY\SYSTEM.
Mitigation and Prevention
Steps to mitigate the CVE-2023-48654 vulnerability in One Identity Password Manager.
Immediate Steps to Take
Users should update One Identity Password Manager to version 5.13.1 or newer to mitigate the risk of exploitation.
Long-Term Security Practices
Implement network segmentation and least-privilege access to limit the impact of potential attacks.
Patching and Updates
Regularly check for security updates from One Identity and apply patches promptly to ensure system security.