FEBRUARY 2023
Access Manager privilege escalation CVE-2023-23592
SUMMARY
A vulnerability has been discovered in the WALLIX Access Manager product that may allow an attacker to access sensitive information. The attacker could use this vulnerability to gain illegitimate access.
WALLIX recommends applying the published fixes immediately or, until they are applied, using the workaround described below.
Affected Products
All versions of WALLIX Access Manager.
Workarounds
The following article in our knowledge base describes the workaround procedure:
https://support.wallix.com/s/article/How-can-I-mitigate-CVE-2023-23592
Fixed Software
Hotfix versions are available on our download portal:
Exploitation and Public Announcements
WALLIX is not aware of any public announcements or malicious use of the vulnerability described in this advisory. However, it is recommended to look for any abnormal activity on the WALLIX Bastions that are connected to WALLIX Access Manager. In particular, look for unusual IP addresses used by privileged users, which may be shared by multiple user accounts.
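One way to run the check recommended above is shown in the following added example, which is not WALLIX code. It assumes connection records have been exported to a CSV with the columns timestamp, user, source IP and a privileged flag; that layout and the sample rows are constructed for illustration and are not the WALLIX Bastion log format.

```python
"""Flag source IPs shared by several accounts, and IPs new to a privileged user."""
import csv
import io
from collections import defaultdict

# Constructed sample data in an assumed CSV layout: timestamp,user,source_ip,privileged.
# This is not the WALLIX Bastion log format; map your own export onto these columns.
SAMPLE_LOG = """\
2023-02-01T08:02:11Z,alice,10.20.1.15,yes
2023-02-01T08:40:52Z,bob,10.20.1.22,yes
2023-02-02T09:13:05Z,alice,10.20.1.15,yes
2023-02-03T02:17:44Z,alice,203.0.113.77,yes
2023-02-03T02:19:02Z,bob,203.0.113.77,yes
2023-02-03T02:25:30Z,carol,203.0.113.77,no
2023-02-03T10:01:00Z,carol,10.20.3.9,no
"""

def parse(text):
    """Parse the assumed CSV layout into a list of dicts."""
    fields = ["ts", "user", "ip", "privileged"]
    return list(csv.DictReader(io.StringIO(text), fieldnames=fields))

def shared_ips(events, min_users=2):
    """Return {ip: sorted users} for IPs used by at least min_users accounts."""
    users_by_ip = defaultdict(set)
    for e in events:
        users_by_ip[e["ip"]].add(e["user"])
    return {ip: sorted(u) for ip, u in users_by_ip.items() if len(u) >= min_users}

def new_ips_for_privileged(events, baseline_end):
    """Return sorted (user, ip, ts) for privileged logins from an IP the user
    did not use before baseline_end (ISO-8601 UTC strings compare lexically)."""
    known = defaultdict(set)
    findings = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["ts"] < baseline_end:
            known[e["user"]].add(e["ip"])  # build the per-user baseline
        elif e["privileged"] == "yes" and e["ip"] not in known[e["user"]]:
            findings.append((e["user"], e["ip"], e["ts"]))
    return sorted(findings)

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for ip, users in shared_ips(events).items():
        print(f"shared source IP {ip}: {', '.join(users)}")
    for user, ip, ts in new_ips_for_privileged(events, "2023-02-03T00:00:00Z"):
        print(f"new source IP for privileged user {user}: {ip} at {ts}")
```

Shared addresses can be legitimate (NAT gateways, jump hosts, VPN concentrators), so compare findings against known egress addresses before escalating.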
Source
Internal security checks