CVE-2023-25069
📋 TL;DR
CVE-2023-25069 is an improper access control vulnerability in TXOne StellarOne that allows authenticated low-privileged users to escalate their privileges to administrator level. This affects all versions before V2.0.1160, enabling attackers to perform unauthorized actions on the system. Organizations using vulnerable TXOne StellarOne deployments are at risk.
💻 Affected Systems
- TXOne StellarOne
📦 What is this software?
TXOne StellarOne by Trend Micro (TXOne Networks), a management console for security controls deployed in industrial environments.
⚠️ Risk & Real-World Impact
Worst Case
An attacker gains full administrative control over the TXOne StellarOne system, potentially compromising connected industrial control systems, manipulating security policies, and disabling security controls.
Likely Case
Attackers with initial low-privileged access escalate to administrator privileges, allowing them to modify security configurations, access sensitive data, and potentially pivot to connected industrial networks.
If Mitigated
With proper network segmentation and access controls, impact is limited to the StellarOne management system itself, preventing lateral movement to critical industrial assets.
🎯 Exploit Status
Exploitation requires authenticated access, but the privilege escalation mechanism appears straightforward based on the advisory description.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V2.0.1160 or later
Vendor Advisory: https://success.trendmicro.com/solution/000292486
Restart Required: Yes
Instructions:
1. Download V2.0.1160 or later from the Trend Micro support portal.
2. Back up the current configuration.
3. Apply the update through the StellarOne management interface.
4. Restart the system when prompted.
5. Verify that the update applied and that the system functions normally.
🔧 Temporary Workarounds
Restrict Access Controls
Implement strict access controls to limit who can authenticate to the StellarOne system.
Network Segmentation
Isolate the StellarOne management interface from general network access.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate StellarOne from critical industrial networks
- Enforce multi-factor authentication and strong credential policies for all StellarOne accounts
🔍 How to Verify
Check if Vulnerable:
Check the StellarOne version in the web interface (System > About or a similar menu) or via SSH.
Check Version:
Check via the web interface (System > About) or log in via SSH and check the version file.
Verify Fix Applied:
Verify version is V2.0.1160 or later in system information
📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation events
- Multiple failed authentication attempts followed by successful admin access
- Configuration changes from non-admin accounts
Network Indicators:
- Unusual authentication patterns to StellarOne interface
- Traffic from low-privilege accounts performing administrative actions
SIEM Query (illustrative; field names depend on how StellarOne events are ingested into your SIEM):
source="stellarone" AND (event_type="privilege_escalation" OR user_role_change="true")
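The three log indicators listed above can be turned into a small detection pass over exported audit records. The script below is an added example, not part of the original advisory and not TXOne or Trend Micro tooling. The `key=value` log format, the event names (`auth_failure`, `auth_success`, `config_change`, `role_change`) and the role names are constructed assumptions; StellarOne's real audit-log schema may differ, so adapt `parse_line()` to your own export before use.

```python
"""Detection sketch for the StellarOne log indicators listed above.

Added example, not original advisory content. The log format, event
names and roles are constructed assumptions, not StellarOne's real schema.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit records (not real StellarOne output).
SAMPLE_LOG = """\
2023-03-01T10:00:01Z event=auth_failure user=operator1 role=operator src=10.0.5.23
2023-03-01T10:00:03Z event=auth_failure user=operator1 role=operator src=10.0.5.23
2023-03-01T10:00:05Z event=auth_failure user=operator1 role=operator src=10.0.5.23
2023-03-01T10:00:09Z event=auth_success user=operator1 role=admin src=10.0.5.23
2023-03-01T10:01:00Z event=config_change user=operator2 role=operator src=10.0.5.40 target=policy/agent_defaults
2023-03-01T10:02:00Z event=role_change user=operator1 old_role=operator new_role=admin src=10.0.5.23
2023-03-01T11:00:00Z event=auth_success user=admin role=admin src=10.0.1.2
2023-03-01T11:05:00Z event=config_change user=admin role=admin src=10.0.1.2 target=policy/agent_defaults
"""

LINE_RE = re.compile(r"^(\S+)\s+(.*)$")
FAILED_AUTH_THRESHOLD = 3            # failures before a later admin login is suspicious
FAILED_AUTH_WINDOW = timedelta(minutes=5)
ADMIN_ROLES = {"admin"}
ADMIN_EVENTS = {"config_change", "policy_update"}  # assumed to require admin rights


def parse_line(line):
    """Parse one '<ISO timestamp> key=value ...' record; None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    fields["ts"] = ts
    return fields


def detect(log_text):
    """Return (indicator, user, timestamp) tuples for the three indicators."""
    alerts = []
    failures = defaultdict(list)  # user -> timestamps of recent auth failures
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        kind = ev.get("event")
        user = ev.get("user", "?")

        # Indicator 1: explicit role change that grants an admin role.
        if kind == "role_change" and ev.get("new_role") in ADMIN_ROLES:
            alerts.append(("role_change_to_admin", user, ev["ts"]))

        # Indicator 2: burst of failed logins followed by a successful admin login.
        if kind == "auth_failure":
            failures[user].append(ev["ts"])
        elif kind == "auth_success":
            recent = [t for t in failures[user] if ev["ts"] - t <= FAILED_AUTH_WINDOW]
            if len(recent) >= FAILED_AUTH_THRESHOLD and ev.get("role") in ADMIN_ROLES:
                alerts.append(("failed_auth_then_admin", user, ev["ts"]))
            failures[user] = []  # successful login resets the failure run

        # Indicator 3: administrative action recorded for a non-admin account.
        if kind in ADMIN_EVENTS and ev.get("role") not in ADMIN_ROLES:
            alerts.append(("admin_action_by_non_admin", user, ev["ts"]))
    return alerts


if __name__ == "__main__":
    for indicator, user, ts in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {indicator} user={user}")
```

Against the constructed sample, the pass flags `operator1`'s admin login after three failures, `operator2`'s configuration change while holding only the operator role, and the later role change that grants `operator1` admin; the genuine `admin` account's activity produces no alert. Indicator 3 is the one most directly tied to this CVE, since a non-admin account performing admin-only actions is what improper access control looks like in the audit trail.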