CVE-2023-28346

Exploit

EPSS 0.09%
Veröffentlicht 31.05.2023 00:15:09
Zuletzt bearbeitet 14.01.2025 15:15:10
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Faronics ≫ Insight Version10.0.19045

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.26

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	2.1	5.2	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.3	2.1	5.2	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://research.nccgroup.com/?research=Technical%20advisories

Third Party Advisory

https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/

Third Party Advisory

Exploit

Release Notes

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2023-28346

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28346

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28346

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-28346