Privilege Escalation via Local Account Permissions Override in XCC

Privilege Escalation via Local Account Permissions Override in XCC

CVE-2023-29057 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.

Learn more about our User Device Pen Test.