CVE-2023-28349

Exploit

EPSS 0.69%
Veröffentlicht 31.05.2023 00:15:09
Zuletzt bearbeitet 13.01.2025 22:15:09
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can compel Student Consoles to connect and put themselves at risk automatically. Connected Student Consoles can be compelled to write arbitrary files to arbitrary locations on disk with NT AUTHORITY/SYSTEM level permissions, enabling remote code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Faronics ≫ Insight Version10.0.19045

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.69%	0.714

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

https://research.nccgroup.com/?research=Technical%20advisories

Third Party Advisory

https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/

Third Party Advisory

Exploit

Release Notes

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2023-28349

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28349

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28349

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-28349