CVE-2023-7016

HIGH

Thales SafeNet Authentication Client < 10.8 R10 - Privilege Escalation to SYSTEM via Local Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-7016. PoCs published by ewilded.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-7016, targeting a race condition in Thales SafeNet Authentication Client's msiexec repair mode to achieve local privilege escalation (LPE). The exploit dynamically identifies and overwrites a temporary executable file (wacXXXX.tmp) with a malicious payload (raw.exe) during the installation process.

Description

A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access.

Exploits (1)

nomisec WORKING POC 1 stars

by ewilded · poc

https://github.com/ewilded/CVE-2023-7016-POC

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-7016, targeting a race condition in Thales SafeNet Authentication Client's msiexec repair mode to achieve local privilege escalation (LPE). The exploit dynamically identifies and overwrites a temporary executable file (wacXXXX.tmp) with a malicious payload (raw.exe) during the installation process.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: Thales SafeNet Authentication Client (Flexera InstallShield-based installer)

No auth needed

Prerequisites: Thales SafeNet Authentication Client installed · Access to the target system to execute the exploit · Compiled payload (raw.exe)

MITRE ATT&CK

T1548.002 - Bypass User Account Control T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Product

https://supportportal.thalesgroup.com

Scores

CVSS v3 7.8

EPSS 0.0034

EPSS Percentile 25.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (2)

thalesgroup/safenet_authentication_client 10.8 (6 CPE variants)

thalesgroup/safenet_authentication_client < 10.8

Published Feb 27, 2024

Tracked Since Feb 18, 2026