CVE-2023-53954

MEDIUM 6.2

ActFax 10.10 Unquoted Path Services Privilege Escalation Vulnerability

CVSS Score

6.2

EPSS Score

0.0%

EPSS Percentile

0th

ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to gain elevated system access when the service restarts.

CWE	CWE-428
Vendor	actfax
Product	actfax
Published	Dec 19, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for actfax actfax

Be the first to know when new medium vulnerabilities affecting actfax actfax are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Actfax / ActFax

10.10

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51332 actfax.com: https://www.actfax.com vulncheck.com: https://www.vulncheck.com/advisories/actfax-unquoted-path-services-privilege-escalation-vulnerability

Credits

Birkan ALHAN