ADV-2023-002 - Local Privilege Escalation in Netwrix PolicyPak

netwrix-product-security · June 9, 2023, 2:00pm

Executive Summary

A vulnerability was discovered in the Netwrix PolicyPak Client-Side Extensions (CSE) that may allow an attacker to execute code locally to the affected system as the NT AUTHORITY\SYSTEM user. While Netwrix is not aware of any evidence of active exploitation of this vulnerability, consistent with standard coordinated disclosure practices technical details of this vulnerability will be published in the future which may subsequently increase the risk an adversary attempts to exploit the vulnerability.

Acknowledgements

We thank Dawson Medin of Mandiant for his coordinated disclosure of the vulnerability and his effort and partnership in improving the security of our products.

Vulnerability

Affected Component	Affected Versions	CVSS 3.1 Score (base / temporal)	Title	Description
Netwrix PolicyPak Client-Side Extensions	Prior to 23.6.3557.1230	8.4 / 7.6	Local Privilege Escalation in Netwrix PolicyPak Client-Side Extensions (CVE-2023-32765)	A local privilege escalation vulnerability in Netwrix PolicyPak Client-Side Extensions may enable an attacker to execute arbitrary code locally as NT AUTHORITY\SYSTEM.

Exploitability

Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgements about urgency and priority; customers should use the information below in making those decisions.

Title	Publicly known?	Exploit available?	Actively exploited?
Local Privilege Escalation in Netwrix PolicyPak Client-Side Extensions	Yes	Yes	No

Solution

All customers are advised to upgrade PolicyPak Client-Side Extensions to version 23.6.3557.1230 or later as soon as possible. Instructions for the upgrade process are available in the help center. Please contact the Netwrix technical support team should you need assistance.

Official Fixes

Updated software has been released containing official fixes as indicated in the table below.

Title	Version
Local Privilege Escalation in Netwrix PolicyPak Client-Side Extensions	Netwrix PolicyPak Client-Side Extensions 23.6.3557.1230

FAQ

How do I know if I’m using a component affected by the vulnerability?

This vulnerability affects all versions of the Netwrix PolicyPak Client-Side Extensions below 23.6.3557.1230 regardless of configuration.

Revisions

Updates to this advisory may be made as necessary. Information about each change will be published in the table below.

Revision	Date	Description
1	2023-06-09T14:00:00Z	First published

Disclaimer

The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory are at your own risk.

Topic	Replies	Views
ADV-2025-007 - Vulnerabilities in Netwrix PolicyPak Cloud Client Security Advisories security-advisory	33	March 11, 2025
ADV-2025-003 - Exposure of Sensitive Information to an Unauthorized Actor in Netwrix Privilege Secure Security Advisories security-advisory	31	February 6, 2025
ADV-2022-002 - Vulnerabilities in Netwrix SbPAM Security Advisories security-advisory	16	May 2, 2022
ADV-2023-004 - Authentication Bypass in Netwrix Usercube Security Advisories security-advisory	25	September 26, 2023
ADV-2022-003 - Vulnerabilities in Netwrix Auditor Security Advisories security-advisory	28	June 6, 2022