Is CVE-2023-51772 actively exploited?

CVE-2023-51772 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2023-51772?

CVE-2023-51772 has a CVSS score of 8.8 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2023-51772?

Patch guidance is available from oneidentity security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2023-51772.

Which products are affected by CVE-2023-51772?

1 product: oneidentity password manager.

Fix CVE-2023-51772 - HIGH oneidentity password manager

Description

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-613 CWE-613

Metadata

Primary Vendor: ONEIDENTITY
Published: 12/25/2023
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

oneidentity : password_manager

Remediation Guidance

Executive Summary

Cite this page

CVE-2023-51772. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2023-51772

View on NIST NVD

CVE-2023-51772 vulnerability