{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53954","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-12-19T14:03:57.723Z","datePublished":"2025-12-19T21:05:51.817Z","dateUpdated":"2026-04-07T14:08:10.412Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-04-07T14:08:10.412Z"},"title":"ActFax 10.10 Unquoted Path Services Privilege Escalation Vulnerability","descriptions":[{"lang":"en","value":"ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to gain elevated system access when the service restarts."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Unquoted Search Path or Element","cweId":"CWE-428","type":"CWE"}]}],"affected":[{"vendor":"Actfax","product":"ActFax","versions":[{"version":"10.10","status":"affected"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:actfax:actfax:10.10:*:*:*:*:*:*:*"}]}]}],"references":[{"url":"https://www.exploit-db.com/exploits/51332","name":"ExploitDB-51332","tags":["exploit"]},{"url":"https://www.actfax.com","name":"Official Product Homepage","tags":["product"]},{"name":"VulnCheck Advisory: ActFax 10.10 Unquoted Path Services Privilege Escalation Vulnerability","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/actfax-unquoted-path-services-privilege-escalation-vulnerability"}],"credits":[{"lang":"en","value":"Birkan ALHAN","type":"finder"}],"x_generator":{"engine":"vulncheck"},"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":8.5,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":6.2,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"datePublic":"2023-04-08T00:00:00.000Z"},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-19T21:56:13.243569Z","id":"CVE-2023-53954","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-19T21:56:44.200Z"}}]}}