CVE-2023-53949
Unknown Unknown - Not Provided

Binary Permission Vulnerability in AspEmail 5.6.0.2 Enables Privilege Escalation

Vulnerability report for CVE-2023-53949, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-19

Last updated on: 2025-12-19

Assigner: VulnCheck

Description

AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-19
Last Modified
2025-12-19
Generated
2026-07-06
AI Q&A
2025-12-19
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
persits_software emailagent *
persits_software aspemail 5.6.0.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2023-53949 is a local privilege escalation vulnerability in AspEmail 5.6.0.2 caused by insecure permissions on the BIN directory where the Persits Software EmailAgent service binaries reside. Local users have full write permissions to this directory, allowing them to replace the legitimate service executable with a malicious one. When the service restarts, the malicious executable runs with elevated LocalSystem privileges, enabling the attacker to gain full control over the system. [2, 3]

Impact Analysis

This vulnerability allows an attacker with local access to escalate their privileges to LocalSystem by replacing the EmailAgent service executable with a trojanized version. The attacker can execute arbitrary code with high system privileges, potentially leading to full system compromise, unauthorized data access, persistence on the system, and evasion of detection by disguising the malicious executable as the original. [2, 3]

Detection Guidance

You can detect this vulnerability by checking the permissions of the BIN directory where the AspEmail EmailAgent service binaries reside, typically at C:\Program Files (x86)\Persits Software\AspEmail\BIN. Look for overly permissive write permissions granted to 'Everyone' or non-administrative users. Commands to check permissions include: 1) Using PowerShell: Get-Acl 'C:\Program Files (x86)\Persits Software\AspEmail\BIN' | Format-List 2) Using icacls: icacls "C:\Program Files (x86)\Persits Software\AspEmail\BIN" 3) To check running service and process: sc query "Persits Software EmailAgent" and tasklist /FI "IMAGENAME eq EmailAgent.exe" or EmailAgent64.exe. If the BIN directory has full write permissions for non-admin users, the system is vulnerable. [2, 3]

Mitigation Strategies

Immediate mitigation steps include: 1) Restrict write permissions on the BIN directory of the AspEmail installation to prevent non-administrative users from modifying or replacing service executables. Remove 'Everyone' or any non-admin full control permissions. 2) Stop the Persits Software EmailAgent service before applying permission changes. 3) After correcting permissions, restart the service to ensure it runs with the correct binaries. 4) Review and monitor the BIN directory for unauthorized changes. 5) Consider applying any available updates or patches from the vendor that address this issue. These steps prevent unauthorized replacement of the EmailAgent.exe executable and block privilege escalation. [2, 3]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53949. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart