CVE-2023-0093

HIGH

Okta Advanced Server Access Client <1.65.0 - Command Injection

Title source: llm

Description

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment.

References (1)

Core 1

Core References

Vendor Advisory

https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2023-0093/

Scores

CVSS v3 8.8

EPSS 0.0110

EPSS Percentile 61.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

okta/advanced_server_access 1.13.1 - 1.68.2

Published Mar 06, 2023

Tracked Since Feb 18, 2026