CVE-2023-5993 – A local privilege escalation vulnerability in T... (How to Fix)

Q: What is the severity of CVE-2023-5993?

CVE-2023-5993 has a CVSS score of 7.8 (HIGH). A local privilege escalation vulnerability in Thales SafeNet Authentication Client for Windows allows attackers with local access to elevate their privileges to SYSTEM level. This affects Windows systems running SafeNet Authentication Client versions prior to 10.8 R10. Attackers need local access to exploit this flaw.

📋 TL;DR

A local privilege escalation vulnerability in Thales SafeNet Authentication Client for Windows allows attackers with local access to elevate their privileges to SYSTEM level. This affects Windows systems running SafeNet Authentication Client versions prior to 10.8 R10. Attackers need local access to exploit this flaw.

💻 Affected Systems

Products:

Thales SafeNet Authentication Client

Versions: All versions prior to 10.8 R10

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Windows installations. Requires local access to system.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains SYSTEM privileges, enabling complete system compromise, credential theft, persistence establishment, and lateral movement capabilities.

🟠

Likely Case

Local attacker elevates from standard user to administrator/SYSTEM privileges to install malware, modify system configurations, or access protected resources.

🟢

If Mitigated

With proper access controls and least privilege principles, impact is limited to isolated systems with no critical data exposure.

🌐 Internet-Facing: LOW - Requires local access, not remotely exploitable over network.

🏢 Internal Only: HIGH - Local privilege escalation enables attackers with initial access to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Local access required. Exploit likely involves manipulating Windows Installer processes.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.8 R10 or later

Vendor Advisory: https://supportportal.thalesgroup.com

Restart Required: Yes

Instructions:

1. Download SafeNet Authentication Client 10.8 R10 or later from Thales support portal. 2. Run installer with administrative privileges. 3. Follow installation wizard. 4. Restart system when prompted.

🔧 Temporary Workarounds

Restrict local access

windows

Limit physical and remote local access to affected systems

Apply least privilege

windows

Ensure users operate with minimal necessary privileges

🧯 If You Can't Patch

Implement strict access controls and monitor for privilege escalation attempts
Isolate affected systems from critical network segments and data

🔍 How to Verify

Check if Vulnerable:

Check SafeNet Authentication Client version in Control Panel > Programs and Features

Check Version:

wmic product where name="SafeNet Authentication Client" get version

Verify Fix Applied:

Verify version is 10.8 R10 or later in installed programs list

📡 Detection & Monitoring

Log Indicators:

Windows Installer process execution with unusual parameters
Privilege escalation attempts in Windows Security logs

Network Indicators:

None - local exploitation only

SIEM Query:

EventID=4688 AND ProcessName="msiexec.exe" AND CommandLine CONTAINS "SafeNet"

📊 Metadata

CVE ID: CVE-2023-5993

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-269

Published: February 27, 2024

Last Updated: March 4, 2025

🔗 References

https://supportportal.thalesgroup.com Product
https://supportportal.thalesgroup.com Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-5993, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Safenet Authentication Client by Thalesgroup

Safenet Authentication Client by Thalesgroup

Safenet Authentication Client by Thalesgroup

Safenet Authentication Client by Thalesgroup

Safenet Authentication Client by Thalesgroup

Safenet Authentication Client by Thalesgroup

Safenet Authentication Client by Thalesgroup

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict local access

Apply least privilege

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities