CVE-2023-53954
Unknown Unknown - Not Provided
Unquoted Service Path in ActFax 10.10 Enables Privilege Escalation

Publication date: 2025-12-19

Last updated on: 2025-12-19

Assigner: VulnCheck

Description
ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to gain elevated system access when the service restarts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-19
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-20
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53954
EUVD
EUVD-2025-204605
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
actfax actfax 10.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53954 is a privilege escalation vulnerability in ActFax version 10.10 caused by an unquoted service path in the ActiveFaxServiceNT service configuration. This flaw allows local attackers who have write permissions to directories under Program Files to place a malicious executable named ActSrvNT.exe. When the service restarts, it executes this malicious executable with elevated system privileges, enabling the attacker to escalate their privileges on the affected system. [1, 2]

Impact Analysis

This vulnerability can allow a local attacker with write access to certain directories to escalate their privileges to system-level access by injecting and executing a malicious executable when the vulnerable service restarts. This can lead to unauthorized control over the affected system, compromising its confidentiality, integrity, and availability. [1, 2]

Detection Guidance

This vulnerability can be detected by querying the service configuration of ActiveFaxServiceNT to check for unquoted service paths. Suggested commands include: `sc qc ActiveFaxServiceNT` to query the service configuration, and using Windows Management Instrumentation Command-line (WMIC) queries to identify unquoted service paths with auto-start mode excluding system paths. [2]

Mitigation Strategies

Immediate mitigation steps include restricting write permissions to the Program Files directories, especially the folder containing ActiveFax (e.g., C:\Program Files\ActiveFax), to prevent attackers from placing a malicious ActSrvNT.exe executable. Additionally, ensure the service executable path is properly quoted to prevent exploitation. Restarting the ActiveFaxServiceNT service after remediation is also necessary to avoid execution of malicious code. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53954. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart