CVE-2023-50975

8.4 HIGH

📋 TL;DR

This vulnerability in TD Bank's TD Advanced Dashboard client for macOS allows arbitrary code execution because the application doesn't disable the ELECTRON_RUN_AS_NODE environment variable in production builds. This enables attackers to execute arbitrary Node.js code within the application context, potentially accessing sensitive banking information. Only macOS users of the TD Advanced Dashboard client are affected.

💻 Affected Systems

Products:
  • TD Bank TD Advanced Dashboard client
Versions: through 3.0.3
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects macOS versions of the TD Advanced Dashboard client. Requires local access or ability to execute code on the target system.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of banking information including account credentials, transaction history, and personal data through arbitrary code execution within the banking application context.

🟠 Likely Case: Local privilege escalation leading to unauthorized access to banking data stored or processed by the application.

🟢 If Mitigated: Limited impact if application runs with minimal privileges and proper sandboxing, though code execution would still be possible.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the target system. The vulnerability is well-documented with public proof-of-concept available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.0.4 or later

Vendor Advisory: https://www.electronjs.org/blog/statement-run-as-node-cves

Restart Required: Yes

Instructions:

1. Check current version of TD Advanced Dashboard.
2. Update to version 3.0.4 or later through the application's update mechanism or download from official TD Bank sources.
3. Restart the application.

🔧 Temporary Workarounds

Disable ELECTRON_RUN_AS_NODE

all

Set the ELECTRON_RUN_AS_NODE environment variable to 0 to prevent exploitation

export ELECTRON_RUN_AS_NODE=0

Application Sandboxing

all

Run the application in a sandboxed environment to limit potential damage

🧯 If You Can't Patch

  • Restrict application execution to users with minimal privileges
  • Monitor for unusual process activity or network connections from the TD Advanced Dashboard application

🔍 How to Verify

Check if Vulnerable:

Check if TD Advanced Dashboard version is 3.0.3 or earlier on macOS

Check Version:

Check application 'About' section or run: /Applications/TD\ Advanced\ Dashboard.app/Contents/MacOS/TD\ Advanced\ Dashboard --version

Verify Fix Applied:

Verify TD Advanced Dashboard version is 3.0.4 or later

📡 Detection & Monitoring

Log Indicators:

  • Unusual process spawns from TD Advanced Dashboard
  • Node.js processes running with TD Advanced Dashboard privileges

Network Indicators:

  • Unexpected network connections from TD Advanced Dashboard process

SIEM Query:

process_name:"TD Advanced Dashboard" AND (process_cmdline:"node" OR process_cmdline:"ELECTRON_RUN_AS_NODE")
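
Added example (not part of the original advisory or of any vendor tooling): the log indicators above expressed as detection logic over process-launch events. The event schema, field names, helper-name prefix and sample events are assumptions constructed for illustration; the variable is flagged whenever it is present in the launch environment, whatever its value.

```python
import json

APP = "TD Advanced Dashboard"    # process name from the page's SIEM query
VAR = "ELECTRON_RUN_AS_NODE"
HELPER_PREFIX = APP + " Helper"  # assumption: Electron's usual macOS helper naming

# Constructed sample events (hypothetical schema), one JSON object per line.
SAMPLE_EVENTS = [
    '{"pid": 410, "process_name": "TD Advanced Dashboard", "parent_name": "launchd", "env": {"HOME": "/Users/a"}}',
    '{"pid": 411, "process_name": "TD Advanced Dashboard", "parent_name": "zsh", "env": {"ELECTRON_RUN_AS_NODE": "1"}}',
    '{"pid": 412, "process_name": "sh", "parent_name": "TD Advanced Dashboard", "env": {}}',
    '{"pid": 413, "process_name": "TD Advanced Dashboard Helper (GPU)", "parent_name": "TD Advanced Dashboard"}',
    '{"pid": 414, "process_name": "OtherApp", "parent_name": "zsh", "env": {"ELECTRON_RUN_AS_NODE": "1"}}',
    '{"pid": 415, "process_name": "TD Adv',  # truncated record, must be skipped
]

def classify(event):
    """Return the reasons an event matches the page's indicators (empty if none)."""
    reasons = []
    name = event.get("process_name", "")
    parent = event.get("parent_name", "")
    env = event.get("env") or {}
    if name == APP:
        if VAR in env:
            reasons.append(f"{VAR}={env[VAR]!r} set at launch")
        if VAR in event.get("cmdline", ""):
            reasons.append(f"{VAR} on command line")
    # Anything the app spawns that is not one of its own helper processes.
    if parent == APP and not name.startswith(HELPER_PREFIX):
        reasons.append(f"unexpected child process {name!r}")
    return reasons

def scan(lines):
    """Parse JSON-lines telemetry and return (pid, reasons) for each hit."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed or truncated records
        if isinstance(event, dict):
            reasons = classify(event)
            if reasons:
                alerts.append((event.get("pid"), reasons))
    return alerts

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_EVENTS):
        print(pid, "; ".join(reasons))
```

The launch environment is rarely visible in a command-line field, so the `env` check depends on telemetry that records environment variables at process start.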
