CVE-2023-28352

Published: May 31, 2023Modified: Jan 13, 2025

7.4

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 4.0

Source: NVD

Description

An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled.

Affected (1)

Products: Faronics: Insight

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Faronics Insight	Version 10.0.19045

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/

Source: cve@mitre.org

ExploitThird Party Advisory

https://research.nccgroup.com/?research=Technical%20advisories

Source: cve@mitre.org

Third Party Advisory

https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://research.nccgroup.com/?research=Technical%20advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.