CVE-2023-53954

MEDIUM

ActFax 10.10 - Privilege Escalation

Title source: llm

Description

ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to gain elevated system access when the service restarts.

Exploits (1)

exploitdb WRITEUP
by Birkan ALHAN · textlocalwindows
https://www.exploit-db.com/exploits/51332

References (3)

Scores

CVSS v3 6.2
EPSS 0.0002
EPSS Percentile 5.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-428
Status published
Products (1)
Actfax/ActFax 10.10
Published Dec 19, 2025
Tracked Since Feb 18, 2026