PatchSiren cyber security CVE debrief
CVE-2023-4664 Saphira CVE debrief
CVE-2023-4664 is a high-severity privilege escalation vulnerability affecting Adobe Connect versions before 9.0. The issue is described as incorrect default permissions, and the NVD record maps it to CWE-276. Organizations running affected versions should treat it as a serious access-control weakness because successful abuse could allow a low-privileged user to gain higher privileges. The CVE was published on 2023-09-15; later NVD modification dates do not change the original disclosure timing.
- Vendor: Saphira
- Product: Saphira Connect
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2023-09-15
- Original CVE updated: 2026-05-21
- Advisory published: 2023-09-15
- Advisory updated: 2026-05-21
Who should care
Adobe Connect administrators, identity and access management teams, security operations, and any organization still running Adobe Connect versions before 9.0 should prioritize this CVE. It is especially relevant where Connect is exposed to internal users with non-admin accounts or where privilege boundaries matter for administrative actions.
Technical summary
The NVD record identifies CVE-2023-4664 as an incorrect default permissions issue in Adobe Connect, with vulnerable versions ending before 9.0. The published CVSS v3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network reachability, low attack complexity, low required privileges, no user interaction, and high impact on confidentiality, integrity, and availability if abused. The weakness classification is CWE-276. Based on the supplied record, the core risk is privilege escalation through weak default permission handling rather than code execution.
Defensive priority
High. The combination of network attackability, low complexity, low required privileges, and high impact makes this a strong candidate for expedited remediation, especially on internet-facing or broadly accessible Connect deployments.
Recommended defensive actions
- Confirm whether Adobe Connect is deployed in your environment and inventory all instances.
- Check installed versions and identify any instance before 9.0 as affected per the supplied record.
- Prioritize upgrading to a vendor-supported fixed release or otherwise removing exposure from affected systems.
- Review Connect role assignments, default permission settings, and administrative group membership for overly broad access.
- Monitor for unexpected privilege changes or creation of high-privilege accounts around affected deployments.
- If immediate remediation is not possible, restrict access to trusted networks and limit who can reach administrative interfaces.
Evidence notes
This debrief is based on the supplied NVD metadata for CVE-2023-4664 and the referenced USOM advisory links. The record states an incorrect default permissions issue in Adobe Connect, with vulnerable versions before 9.0, CVSS 8.8, and CWE-276. The original CVE publication date is 2023-09-15. A later NVD modified timestamp of 2026-05-21 was provided, but it is not treated as the issue date.
Official resources
- CVE-2023-4664 CVE record (CVE.org)
- CVE-2023-4664 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
- Mitigation or vendor reference ([email protected] - Third Party Advisory)
Publicly disclosed on 2023-09-15. No KEV listing was provided in the supplied data.