Executive Risk Summary
"One Identity Password Manager before 5.13.1 is vulnerable to a Kiosk Escape, allowing an attacker to escalate privileges to NT AUTHORITY\SYSTEM. This vulnerability can be exploited by navigating through the Google ReCAPTCHA section and launching cmd.exe from a file explorer window."
Operational Audit Arsenal
Target Type Executable
Target Asset cmd.exe
Standard Path %windir%\System32
PowerShell
# 🛠️ Senior Engineer Universal Audit
# Target: cmd.exe (Executable)
$Targets = 'cmd.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")
Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue |
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}Patch Impact Forecast
Reboot Required Likely
Moderate
Internal Work Notes
Kiosk Escape vulnerability in One Identity Password Manager allows privilege escalation to NT AUTHORITY\SYSTEM, patch to version 5.13.1 or later to mitigate
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Official Advisoryhttps://sec-consult.com/vulnerability-lab/advisory/kiosk-escape-privilege-escalation-one-identity-password-manager-secure-password-extension/
Official Advisoryhttps://www.oneidentity.com/products/password-manager/
Official Advisoryhttp://seclists.org/fulldisclosure/2023/Dec/17
Official Advisoryhttps://sec-consult.com/vulnerability-lab/advisory/kiosk-escape-privilege-escalation-one-identity-password-manager-secure-password-extension/
Official Advisoryhttps://www.oneidentity.com/products/password-manager/
Related One Identity Threats
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.