CVE-2023-53949
Binary Permission Vulnerability in AspEmail 5.6.0.2 Enables Privilege Escalation
Publication date: 2025-12-19
Last updated on: 2025-12-19
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| persits_software | emailagent | * |
| persits_software | aspemail | 5.6.0.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53949 is a local privilege escalation vulnerability in AspEmail 5.6.0.2 caused by insecure permissions on the BIN directory where the Persits Software EmailAgent service binaries reside. Local users have full write permissions to this directory, allowing them to replace the legitimate service executable with a malicious one. When the service restarts, the malicious executable runs with elevated LocalSystem privileges, enabling the attacker to gain full control over the system. [2, 3]
How can this vulnerability impact me? :
This vulnerability allows an attacker with local access to escalate their privileges to LocalSystem by replacing the EmailAgent service executable with a trojanized version. The attacker can execute arbitrary code with high system privileges, potentially leading to full system compromise, unauthorized data access, persistence on the system, and evasion of detection by disguising the malicious executable as the original. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the permissions of the BIN directory where the AspEmail EmailAgent service binaries reside, typically at C:\Program Files (x86)\Persits Software\AspEmail\BIN. Look for overly permissive write permissions granted to 'Everyone' or non-administrative users. Commands to check permissions include: 1) Using PowerShell: Get-Acl 'C:\Program Files (x86)\Persits Software\AspEmail\BIN' | Format-List 2) Using icacls: icacls "C:\Program Files (x86)\Persits Software\AspEmail\BIN" 3) To check running service and process: sc query "Persits Software EmailAgent" and tasklist /FI "IMAGENAME eq EmailAgent.exe" or EmailAgent64.exe. If the BIN directory has full write permissions for non-admin users, the system is vulnerable. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Restrict write permissions on the BIN directory of the AspEmail installation to prevent non-administrative users from modifying or replacing service executables. Remove 'Everyone' or any non-admin full control permissions. 2) Stop the Persits Software EmailAgent service before applying permission changes. 3) After correcting permissions, restart the service to ensure it runs with the correct binaries. 4) Review and monitor the BIN directory for unauthorized changes. 5) Consider applying any available updates or patches from the vendor that address this issue. These steps prevent unauthorized replacement of the EmailAgent.exe executable and block privilege escalation. [2, 3]