CVE-2023-53949

Sažetak

AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access.

Reference

https://www.aspemail.com
https://www.exploit-db.com/exploits/51380
https://www.vulncheck.com/advisories/aspemail-local-privilege-escalation-via-binary-permission-vulnerability

CVSS

Base:	8.4
Impact:	5.9
Exploitability:	2.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

23-12-2025 - 14:52

Objavljeno

19-12-2025 - 21:15