























Okta Advanced Server Access Client versions 1.13.1 through 1.68.1 are vulnerable to command injection due to the third-party library webbrowser.
Okta’s Advanced Server Access customers that have currently installed or previously had installed versions 1.13.1 through 1.68.1 of the Okta Advanced Server Access Client.
The vulnerability is fixed in Okta Advanced Server Access Client version 1.68.2 To remediate this vulnerability, upgrade to 1.68.2 or greater.
An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment.
CVE ID | |
Published Date | 2023-02-22 |
Vulnerability Type | OS Command Injection |
CWE | CWE-78 |
CVSS v3 | Score: 7.5 Vector string: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
Okta would like to thank Tao Sauvage from Anvil Secure for assistance on this finding.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。