Access Manager privilege escalation CVE-2023-23592 

February 2023

Access Manager privilege escalation CVE-2023-23592


A vulnerability has been discovered in the WALLIX Access Manager product that may allow an attacker to access sensitive information. The attacker could use this vulnerability to gain illegitimate accesses. 

WALLIX recommends to immediately apply the published fixes, or before it is applied, the workaround described below.

Affected Products

All versions of WALLIX Access Manager.


The following article of our knowledge base provides you with the workaround procedure.


Fixed Software

Hotfixes versions are available on our download portal:

·       Version 3.0.16  

·       Version 4.0.3

Exploitation and Public Announcements

WALLIX is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. However, it is recommended to look for any abnormal activity on the WALLIX Bastions that are connected to WALLIX Access Manager. In particular it is recommended to look for unusual IP used by privileged users that may be used by multiple user accounts.


Internal security checks