Login Sign Up

CVE-2023-1164

8.4 HIGH
Authentication Bypass

📋 TL;DR

This critical vulnerability in KylinSoft kylin-activation on KylinOS allows local attackers to bypass authorization controls through file import functionality. Attackers with local access can exploit improper authorization to potentially gain unauthorized privileges or access. Only KylinOS systems with the vulnerable kylin-activation component are affected.

💻 Affected Systems

Products:
  • KylinSoft kylin-activation
Versions: Versions before 1.3.11-23 and 1.30.10-5.p23
Operating Systems: KylinOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with kylin-activation component installed; requires local access to exploit

📦 What is this software?

Kylin Os by Kylinos

View all CVEs affecting Kylin Os →

Kylin Os by Kylinos

View all CVEs affecting Kylin Os →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise, data theft, or persistence establishment

🟠

Likely Case

Unauthorized access to sensitive files or system resources by local users

🟢

If Mitigated

Limited impact with proper access controls and monitoring in place

🌐 Internet-Facing: LOW (requires local access, not remotely exploitable)
🏢 Internal Only: HIGH (local attackers can exploit this vulnerability on affected systems)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit has been publicly disclosed; requires local access but no authentication; considered easy to exploit

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.11-23 or 1.30.10-5.p23

Vendor Advisory: Not provided in CVE details

Restart Required: Yes

Instructions:

1. Update kylin-activation package to version 1.3.11-23 or 1.30.10-5.p23 using KylinOS package manager. 2. Restart affected services or the system. 3. Verify the update was successful.

🔧 Temporary Workarounds

Restrict local access

linux

Limit local user access to systems with vulnerable kylin-activation component

Implement strict access controls and user privilege management

Disable vulnerable component

linux

Temporarily disable kylin-activation if not essential

systemctl stop kylin-activation
systemctl disable kylin-activation

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Monitor system logs for unauthorized file import activities and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check kylin-activation version: rpm -q kylin-activation or dpkg -l | grep kylin-activation

Check Version:

rpm -q kylin-activation --queryformat '%{VERSION}-%{RELEASE}\n'

Verify Fix Applied:

Verify installed version is 1.3.11-23 or 1.30.10-5.p23 or higher

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized file import attempts
  • Privilege escalation events
  • Abnormal kylin-activation process behavior

Network Indicators:

  • Not applicable - local exploit only

SIEM Query:

Process creation where parent process is kylin-activation with suspicious arguments OR File access events from kylin-activation to sensitive locations

📊 Metadata

CVE ID: CVE-2023-1164
CVSS v3 Score: 8.4 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-285
Published: March 3, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-1164, you might also want to check these:

CVE-2025-65041 10.0

CVE-2025-65041 is an improper authorization vulnerability in Microsoft Partner Center that allows un...

Same vulnerability type (CWE-285)
CVE-2021-37705 10.0

CVE-2021-37705 is an authorization bypass vulnerability in OneFuzz that allows authenticated users f...

Same vulnerability type (CWE-285)
CVE-2023-33189 10.0

CVE-2023-33189 is an authorization bypass vulnerability in Pomerium identity-aware access proxy. Att...

Same vulnerability type (CWE-285)