Security Patch Update for Secret Server 11.3.000003 - 20230209001
Overview
The WA SOC has been notified of an unauthorised access vulnerability in the Privileged Access Management (PAM) solution Secret Server. The vulnerability allows an authenticated attacker to bypass authorisation boundaries.
What is the vulnerability?
This issue is rated High with an 8.5 Common Vulnerability Scoring System (CVSS v3.1) score with vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N.
NOTE from Vendor's Article:
- The vulnerability is not publicly known and was responsibly disclosed through internal communication channels. There have been no detected exploitation attempts against Secret Server Cloud or On-Premises, prior to the publication of this article.
What is vulnerable?
The vulnerability affects all versions prior to the February 2023 Security Patch for Secret Server Cloud and Secret Server On-Premises.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices as soon as possible: https://docs.delinea.com/bulletins/current/2023/11.3.000003.md