Home

Description

ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to gain elevated system access when the service restarts.

PUBLISHED Reserved 2025-12-19 | Published 2025-12-19 | Updated 2025-12-19 | Assigner VulnCheck




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
MEDIUM: 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Unquoted Search Path or Element

Product status

10.10
affected

Credits

Birkan ALHAN finder

References

www.exploit-db.com/exploits/51332 (ExploitDB-51332) exploit

www.actfax.com (Official Product Homepage) product

www.vulncheck.com/...ices-privilege-escalation-vulnerability (VulnCheck Advisory: ActFax 10.10 Unquoted Path Services Privilege Escalation Vulnerability) third-party-advisory

cve.org (CVE-2023-53954)

nvd.nist.gov (CVE-2023-53954)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.