CVE-2023-5463

7.8 HIGH

📋 TL;DR

This is a critical local privilege escalation vulnerability in XINJE XDPPro software up to and including version 3.7.17a. An attacker who already has local access can execute arbitrary code with elevated privileges by exploiting an uncontrolled search path element (CWE-427) in the way the software loads cfgmgr32.dll.

💻 Affected Systems

Products:
  • XINJE XDPPro
Versions: Up to and including 3.7.17a
Operating Systems: Windows (based on DLL vulnerability)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in cfgmgr32.dll library component. Requires XDPPro software to be installed and running.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with administrative privileges, allowing installation of persistent malware, data theft, or system destruction.

🟠 Likely Case

Local privilege escalation enabling attackers to bypass security controls, install additional malware, or access restricted data.

🟢 If Mitigated

Limited impact if proper access controls prevent unauthorized local access and privilege separation is enforced.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or network access to the system.
🏢 Internal Only: HIGH - Attackers with internal network access or compromised user accounts can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

An exploit has been publicly disclosed. The attack requires local access to the system. The assigned weakness, CWE-427 (Uncontrolled Search Path Element), indicates a DLL search-order hijacking vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch is available. Upgrade to a version later than 3.7.17a if one becomes available; otherwise, implement the workarounds below.

🔧 Temporary Workarounds

Restrict DLL search path (Windows)

Configure Windows to use safe DLL search mode so that the current working directory is searched after the system directories rather than before them. Note that SafeDllSearchMode is already enabled by default on supported Windows versions, and it does not affect DLLs placed in the application's own directory, which is searched first regardless of this setting:

  reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v SafeDllSearchMode /t REG_DWORD /d 1 /f

Remove unnecessary privileges (Windows)

Run XDPPro with the minimum privileges it needs (a standard, non-administrative user account) to limit the impact of a hijacked DLL.

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local access to affected systems
  • Monitor for suspicious DLL loading behavior and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the XDPPro version. If the version is 3.7.17a or earlier, the system is vulnerable.

Check Version:

Check XDPPro application properties or About dialog for version information

Verify Fix Applied:

Verify XDPPro version is greater than 3.7.17a or workarounds are properly implemented.

📡 Detection & Monitoring

Log Indicators:

  • Unusual DLL loading from non-standard paths
  • Process privilege escalation events
  • XDPPro process spawning unexpected child processes

Network Indicators:

  • Local network connections from XDPPro to unexpected destinations

SIEM Query:

Process Creation where (Image contains 'xdppro' OR ParentImage contains 'xdppro') AND (IntegrityLevel changed OR TokenElevationType changed)
