CVE-2023-0093: Command Injection
First published: Mon Mar 06 2023(Updated: )
Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment.
Credit: psirt@okta.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Okta Advanced Server Access | >=1.13.1<1.68.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-0093?
CVE-2023-0093 is a vulnerability in the Okta Advanced Server Access (ASA) Client versions 1.13.1 through 1.65.0 that allows for command injection.
How does CVE-2023-0093 affect Okta Advanced Server Access?
CVE-2023-0093 affects Okta Advanced Server Access by exposing it to command injection attacks due to the use of an outdated library.
What is the severity of CVE-2023-0093?
CVE-2023-0093 has a severity rating of 8.8, which is considered high.
How can CVE-2023-0093 be exploited?
To exploit CVE-2023-0093, an attacker would need to have access to the Okta Advanced Server Access Client and inject malicious commands.
How can I mitigate the CVE-2023-0093 vulnerability?
To mitigate the CVE-2023-0093 vulnerability, update the Okta Advanced Server Access Client to a version higher than 1.65.0.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/okta
- canonical/okta advanced server access
- version/okta advanced server access/1.13.1