Login Sign Up

CVE-2023-1489

7.8 HIGH

📋 TL;DR

This vulnerability in Wise System Monitor allows local attackers to bypass access controls through improper handling of IoControlCode in the WiseHDInfo64.dll library. Attackers with local access can potentially escalate privileges or execute arbitrary code. Only users of WiseCleaner Wise System Monitor 1.5.3.54 are affected.

💻 Affected Systems

Products:
  • Lespeed WiseCleaner Wise System Monitor
Versions: 1.5.3.54
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the 64-bit version due to WiseHDInfo64.dll. Requires local access to the system.

📦 What is this software?

Wise System Monitor by Wisecleaner

View all CVEs affecting Wise System Monitor →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to SYSTEM-level access, enabling complete system compromise, data theft, and persistence establishment.

🟠

Likely Case

Local privilege escalation allowing attackers to gain administrative privileges on the affected system.

🟢

If Mitigated

Limited impact if proper access controls restrict local user privileges and application runs with minimal permissions.

🌐 Internet-Facing: LOW - This is a local-only vulnerability requiring physical or remote desktop access to the system.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts can exploit this to escalate privileges and move laterally within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit code is publicly available on GitHub. Attack requires local user access but no authentication beyond that.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider uninstalling the software or applying workarounds.

🔧 Temporary Workarounds

Uninstall Wise System Monitor

windows

Remove the vulnerable software completely from affected systems

Control Panel > Programs > Uninstall a program > Select Wise System Monitor > Uninstall

Restrict DLL permissions

windows

Modify permissions on WiseHDInfo64.dll to prevent execution

icacls "C:\Program Files\Wise\Wise System Monitor\WiseHDInfo64.dll" /deny Everyone:(RX)

🧯 If You Can't Patch

  • Implement strict local access controls and monitor for privilege escalation attempts
  • Run Wise System Monitor with minimal user privileges (not as administrator)

🔍 How to Verify

Check if Vulnerable:

Check if Wise System Monitor version 1.5.3.54 is installed: Look in Programs and Features or check file version of WiseHDInfo64.dll

Check Version:

wmic product where name="Wise System Monitor" get version

Verify Fix Applied:

Verify Wise System Monitor is uninstalled or WiseHDInfo64.dll has restricted permissions

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Wise System Monitor
  • Access denied errors for WiseHDInfo64.dll if permissions restricted

Network Indicators:

  • No network indicators - local exploit only

SIEM Query:

Process creation where parent_process contains "Wise System Monitor" and process_name contains "cmd.exe" or "powershell.exe"

📊 Metadata

CVE ID: CVE-2023-1489
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-284
Published: March 18, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-1489, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)