CVE-2023-42228

8.8 HIGH

📋 TL;DR

This vulnerability allows low-privileged users in Pat Infinite Solutions HelpdeskAdvanced to modify their own access control rules by accessing an administrative function. This can lead to privilege escalation where users grant themselves unauthorized permissions. Organizations using affected versions of this helpdesk software are at risk.

💻 Affected Systems

Products:
  • Pat Infinite Solutions HelpdeskAdvanced
Versions: <= 11.0.33
Operating Systems: Any OS running the software
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with low-privileged user accounts are vulnerable. The vulnerability exists in the core application logic.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Low-privileged users could escalate to administrative privileges, gaining full control over the helpdesk system, accessing sensitive data, and potentially compromising the entire system.

🟠 Likely Case

Users with basic access could modify their permissions to access restricted functions, view sensitive tickets, or perform unauthorized administrative actions.

🟢 If Mitigated

With proper network segmentation and access controls, impact would be limited to the helpdesk application itself, though privilege escalation within the system would still be possible.

🌐 Internet-Facing: HIGH - If the helpdesk is exposed to the internet, attackers could exploit this after obtaining low-privilege credentials through phishing or credential stuffing.
🏢 Internal Only: MEDIUM - Internal users with legitimate low-privilege accounts could exploit this to gain unauthorized access to sensitive helpdesk functions and data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated low-privilege access. Attackers need to understand the API endpoint and ACL structure to craft malicious requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version > 11.0.33

Vendor Advisory: Not specified in provided references

Restart Required: No

Instructions:

1. Upgrade to HelpdeskAdvanced version newer than 11.0.33.
2. Verify the patch is applied by checking the version number.
3. Test that low-privileged users cannot access the AclList/SaveAclRules endpoint.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict access to the helpdesk application to trusted networks only

Endpoint Monitoring

all

Monitor and block requests to AclList/SaveAclRules endpoint from non-admin users

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the helpdesk system
  • Apply principle of least privilege and regularly audit user permissions

🔍 How to Verify

Check if Vulnerable:

Check if HelpdeskAdvanced version is 11.0.33 or lower. Attempt to access AclList/SaveAclRules endpoint with low-privilege credentials.

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

After patching, verify version is >11.0.33 and test that low-privilege users cannot successfully call AclList/SaveAclRules endpoint.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to AclList/SaveAclRules from non-admin users
  • Unusual permission changes in user audit logs

Network Indicators:

  • HTTP POST requests to /AclList/SaveAclRules endpoint

SIEM Query:

source="helpdesk_logs" AND (uri_path="/AclList/SaveAclRules" AND user_role!="admin")
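The following is an added example (not vendor code, and not from the original advisory) that turns the "How to Verify" version check and the SIEM query above into runnable detection logic. It assumes a constructed access-log line format (timestamp, client IP, user=, role=, request line, status); real HelpdeskAdvanced or reverse-proxy logs will differ, so LOG_RE is the part to adapt.

```python
"""Detection helper for CVE-2023-42228 (added example, not vendor code).

Assumes an application/reverse-proxy access log in a constructed format:
  <timestamp> <client-ip> user=<name> role=<role> "<METHOD> <path> HTTP/1.1" <status>
Real HelpdeskAdvanced logs may look different; adjust LOG_RE accordingly.
"""
import re
from typing import Iterable

# Highest affected version according to the advisory (<= 11.0.33).
AFFECTED_MAX = (11, 0, 33)
# Endpoint named in the advisory; compared case-insensitively.
SUSPECT_PATH = "/acllist/saveaclrules"

LOG_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<ip>\S+)\s+user=(?P<user>\S+)\s+role=(?P<role>\S+)\s+'
    r'"(?P<method>[A-Z]+)\s+(?P<path>\S+)[^"]*"\s+(?P<status>\d{3})\s*$'
)


def parse_version(version: str) -> tuple:
    """Turn '11.0.33' into (11, 0, 33) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected_version(version: str) -> bool:
    """True when the installed version is within the advisory's affected range."""
    return parse_version(version) <= AFFECTED_MAX


def normalize_path(path: str) -> str:
    """Drop the query string and trailing slash, lower-case for comparison."""
    return path.split("?", 1)[0].rstrip("/").lower()


def find_acl_tampering(lines: Iterable[str]) -> list:
    """Return one record per POST to the SaveAclRules endpoint by a non-admin.

    Mirrors the advisory's SIEM query: uri_path matches AND user_role != admin.
    Denied requests (4xx) are still reported: the attempt by a low-privileged
    account is the indicator, not only its success.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than crash the pipeline
        if m["method"] != "POST":
            continue
        if normalize_path(m["path"]) != SUSPECT_PATH:
            continue
        if m["role"].lower() == "admin":
            continue
        hits.append({
            "ts": m["ts"], "ip": m["ip"], "user": m["user"],
            "role": m["role"], "status": int(m["status"]),
        })
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '2024-03-01T10:15:22Z 10.0.0.5 user=admin role=admin "POST /AclList/SaveAclRules HTTP/1.1" 200',
    '2024-03-01T10:16:01Z 10.0.0.23 user=jdoe role=user "POST /AclList/SaveAclRules HTTP/1.1" 200',
    '2024-03-01T10:16:05Z 10.0.0.23 user=jdoe role=user "GET /Tickets/List HTTP/1.1" 200',
    '2024-03-01T10:17:40Z 10.0.0.41 user=agent1 role=agent "POST /acllist/saveaclrules?ref=1 HTTP/1.1" 403',
    'garbage line that does not match the format',
]

if __name__ == "__main__":
    for v in ("11.0.33", "11.0.34"):
        print(v, "affected" if is_affected_version(v) else "not affected")
    for hit in find_acl_tampering(SAMPLE_LOG):
        print("ALERT", hit)
```

Every hit should be cross-checked against the permission audit log mentioned under Log Indicators: a non-admin POST to the endpoint followed by a change to that same user's ACL entries is the pairing that distinguishes a successful escalation from a blocked attempt.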

🔗 References
