CVE-2023-6335 is a vulnerability classified under CWE-59, which pertains to Improper Link Resolution Before File Access, commonly known as 'Link Following'. This issue affects the HYPR Workforce Access product on Windows platforms, specifically versions before 8.7. The vulnerability allows an attacker with limited privileges (low privileges) to control the filename that the application accesses. This can lead to improper resolution of symbolic links or shortcuts, causing the application to access unintended files or directories. The vulnerability does not require user interaction but does require local access (attack vector: local). The CVSS 3.1 base score is 6.4, indicating a medium severity level. The vector string (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L) reveals that the attack requires high attack complexity and low privileges, no user interaction, and the scope is changed, meaning the vulnerability can affect resources beyond the initially vulnerable component. The impact is primarily on integrity (I:H), with limited availability impact (A:L) and no confidentiality impact (C:N). This suggests that an attacker could manipulate or alter files or processes in a way that compromises the integrity of the system or application data, potentially leading to unauthorized modifications or execution of malicious code. No known exploits are currently in the wild, and no patches or mitigation links have been provided yet. The vulnerability arises from the application improperly resolving symbolic links or shortcuts before file access, which can be exploited by supplying a crafted filename that redirects the application to unintended files or locations.

For European organizations, this vulnerability poses a risk primarily to the integrity of systems using HYPR Workforce Access on Windows. Since Workforce Access is used for secure authentication and workforce identity management, exploitation could allow attackers to manipulate authentication workflows or escalate privileges by redirecting file access to malicious payloads or configuration files. This could lead to unauthorized changes in access controls or compromise of workforce identity data, potentially disrupting business operations and violating data protection regulations such as GDPR. The medium severity and requirement for local access mean that the threat is more relevant to insider threats or attackers who have already gained some foothold within the network. Organizations with large deployments of HYPR Workforce Access, especially in sectors with high regulatory scrutiny such as finance, healthcare, and critical infrastructure, may face increased risk of operational disruption or compliance issues if this vulnerability is exploited.

1. Immediate mitigation should include restricting local access to systems running HYPR Workforce Access to trusted users only, minimizing the risk of local exploitation. 2. Implement strict file system permissions and monitoring to detect unusual symbolic link creations or file access patterns that could indicate exploitation attempts. 3. Employ application whitelisting and integrity monitoring tools to detect unauthorized file modifications or executions related to Workforce Access. 4. Regularly audit and harden the configuration of Workforce Access installations, ensuring that only necessary components and services are enabled. 5. Coordinate with HYPR for timely updates and patches; since no patch links are currently available, monitor vendor advisories closely. 6. Consider deploying endpoint detection and response (EDR) solutions capable of identifying suspicious local activities related to file access and link resolution. 7. Educate internal IT and security teams about the nature of link following vulnerabilities to improve incident response readiness.