CVE-2023-28353

Published: May 31, 2023Modified: Jan 13, 2025

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM.

Affected (1)

Products: Faronics: Insight

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Faronics Insight	Version 10.0.19045

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/

Source: cve@mitre.org

ExploitThird Party Advisory

https://research.nccgroup.com/?research=Technical%20advisories

Source: cve@mitre.org

Third Party Advisory

https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://research.nccgroup.com/?research=Technical%20advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.