Okta LDAP Agent CVE-2023-0392

Description

The LDAP Agent Update service used an unquoted path, which could allow arbitrary code execution.

Affected product and versions

Okta LDAP Agent customers who currently have, or previously had, any version of the Okta LDAP Agent earlier than 5.18 installed.

Resolution

The vulnerability is fixed in Okta LDAP Agent version 5.18. To remediate this vulnerability, upgrade to 5.18 or greater.

Severity details

The LDAP Agent Update service is registered with an unquoted executable path that contains spaces. When Windows starts such a service it tries each space-delimited prefix of the path as a program name before it reaches the real executable, so a user who can write to one of those locations, which under default Windows permissions normally means an administrator, could place an arbitrary executable there and have it run in the service's context the next time the agent starts.
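The search-order behaviour behind CWE-428, shown as an added example that is not Okta's code. The install directory, service binary name and ImagePath below are constructed for illustration only; the advisory does not state the real path. The helpers enumerate the candidates Windows would try for an unquoted ImagePath, which of them precede the genuine executable, which of those an attacker with a given set of writable directories could actually use, and what the quoted (fixed) ImagePath looks like.

```python
"""CWE-428 helper: what Windows tries to run for an unquoted service path.

Added example, not Okta's code.  The install path and binary name below are
hypothetical; the advisory does not give them.
"""
from pathlib import PureWindowsPath

# Constructed sample ImagePath of a Windows service (hypothetical names).
SAMPLE_EXE = r"C:\Program Files\Okta\Okta LDAP Agent\OktaAgentUpdater.exe"
SAMPLE_IMAGE_PATH = SAMPLE_EXE + " /service"   # unquoted, the vulnerable form


def search_candidates(image_path: str) -> list[str]:
    """Executables CreateProcess would try, in order, for this command line.

    For an unquoted command line containing spaces, the prefix up to each
    whitespace boundary is tried as a program name; ".exe" is appended when
    that prefix has no extension.  Windows stops at the first one that exists
    on disk.  A quoted path is unambiguous and yields a single candidate.
    """
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:
            raise ValueError("unterminated quote in ImagePath")
        return [s[1:end]]
    tokens = s.split()
    candidates = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if "." not in tokens[i - 1]:
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def planted_locations(image_path: str, real_exe: str) -> list[str]:
    """Paths tried before the genuine executable: a binary written to any of
    them is started instead of the service binary."""
    out = []
    for cand in search_candidates(image_path):
        if cand.lower() == real_exe.lower():
            break
        out.append(cand)
    return out


def _norm_dir(path: str) -> str:
    # Case-insensitive, trailing-backslash-insensitive directory key.
    return str(PureWindowsPath(path)).rstrip("\\").lower()


def exploitable_locations(image_path: str, real_exe: str,
                          writable_dirs: set[str]) -> list[str]:
    """Restrict planted_locations to directories the attacker can write to.

    With default ACLs only administrators can create files in the drive root
    and under Program Files, which is why this CVE is scored with PR:H.
    """
    writable = {_norm_dir(d) for d in writable_dirs}
    return [c for c in planted_locations(image_path, real_exe)
            if _norm_dir(str(PureWindowsPath(c).parent)) in writable]


def harden_image_path(image_path: str, real_exe: str) -> str:
    """The fix: quote the executable so no shorter prefix is ever tried."""
    s = image_path.strip()
    if s.startswith('"'):
        return s
    if not s.lower().startswith(real_exe.lower()):
        raise ValueError("ImagePath does not start with the given executable")
    args = s[len(real_exe):].strip()
    return f'"{real_exe}"' + (f" {args}" if args else "")


if __name__ == "__main__":
    for c in planted_locations(SAMPLE_IMAGE_PATH, SAMPLE_EXE):
        print("hijackable:", c)
    print("fixed ImagePath:", harden_image_path(SAMPLE_IMAGE_PATH, SAMPLE_EXE))
```

To check a real host, feed the `PathName` of each entry from `Get-CimInstance -ClassName Win32_Service` (or the `BINARY_PATH_NAME` shown by `sc qc <service>`) to `search_candidates`; any service whose ImagePath yields more than one candidate should be quoted, and the ACLs of each candidate's parent directory decide whether the issue is reachable by non-administrators.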

CVE details

CVE ID

CVE-2023-0392

Published Date

2023-09-19

Vulnerability Type

Unquoted Search Path or Element

CWE

CWE-428

CVSS v3

Score: 3.9

Vector string: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

References

Install the Okta LDAP Agent

Okta LDAP Agent version history