CVE-2023-53954
Unquoted Service Path in ActFax 10.10 Enables Privilege Escalation
Publication date: 2025-12-19
Last updated on: 2025-12-19
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| actfax | actfax | 10.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53954 is a privilege escalation vulnerability in ActFax version 10.10 caused by an unquoted service path in the ActiveFaxServiceNT service configuration. This flaw allows local attackers who have write permissions to directories under Program Files to place a malicious executable named ActSrvNT.exe. When the service restarts, it executes this malicious executable with elevated system privileges, enabling the attacker to escalate their privileges on the affected system. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker with write access to certain directories to escalate their privileges to system-level access by injecting and executing a malicious executable when the vulnerable service restarts. This can lead to unauthorized control over the affected system, compromising its confidentiality, integrity, and availability. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by querying the service configuration of ActiveFaxServiceNT to check for unquoted service paths. Suggested commands include: `sc qc ActiveFaxServiceNT` to query the service configuration, and using Windows Management Instrumentation Command-line (WMIC) queries to identify unquoted service paths with auto-start mode excluding system paths. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting write permissions to the Program Files directories, especially the folder containing ActiveFax (e.g., C:\Program Files\ActiveFax), to prevent attackers from placing a malicious ActSrvNT.exe executable. Additionally, ensure the service executable path is properly quoted to prevent exploitation. Restarting the ActiveFaxServiceNT service after remediation is also necessary to avoid execution of malicious code. [1, 2]