CVE-2023-4003

7.6 HIGH

📋 TL;DR

This vulnerability allows an unauthenticated attacker with physical access to a workstation running One Identity Password Manager 5.9.7.1 to escalate privileges to SYSTEM level. This affects organizations using this specific version of the password management software where workstations are accessible to potential attackers.

💻 Affected Systems

Products:
  • One Identity Password Manager
Versions: 5.9.7.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects version 5.9.7.1 specifically. Requires physical access to workstation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with SYSTEM privileges, allowing installation of malware, credential theft, and persistent backdoor access to the entire system.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to sensitive credentials stored in the password manager and potential lateral movement within the network.

🟢 If Mitigated

Limited impact if physical access controls prevent unauthorized workstation access and proper endpoint security is in place.

🌐 Internet-Facing: LOW - Requires physical access to workstation, not remotely exploitable.
🏢 Internal Only: HIGH - Physical access to internal workstations could lead to significant privilege escalation and credential compromise.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires physical access but no authentication. The advisory describes the exploitation method only as "unspecified", which suggests the details have not been publicly disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 5.9.7.1 (check vendor advisory for specific version)

Vendor Advisory: https://www.gov.il/en/Departments/faq/cve_advisories

Restart Required: Yes

Instructions:

1. Check the currently installed version of One Identity Password Manager.
2. Download and install the latest version from official vendor sources.
3. Restart the system to complete the installation.

🔧 Temporary Workarounds

Physical Access Controls (applies to: all platforms)

Implement strict physical security measures to prevent unauthorized access to workstations.

Endpoint Security Hardening (applies to: Windows)

Enable application whitelisting and restrict local privilege escalation capabilities.

🧯 If You Can't Patch

  • Implement strict physical security controls and workstation locking policies
  • Monitor for unusual privilege escalation events and restrict user permissions

🔍 How to Verify

Check if Vulnerable:

Check if One Identity Password Manager version is exactly 5.9.7.1

Check Version:

Check application properties or vendor documentation for version information

Verify Fix Applied:

Verify installed version is newer than 5.9.7.1

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Unauthorized SYSTEM level process creation

Network Indicators:

  • Local privilege escalation does not generate network traffic

SIEM Query (pseudo-syntax; adapt to your SIEM's query language):

EventID=4688 AND NewProcessName contains 'One Identity' AND SubjectUserName='SYSTEM'
