CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-28353

An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.1%

CVSS Severity

CVSS v3 Score 8.8

References

https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
https://research.nccgroup.com/?research=Technical%20advisories
https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
https://research.nccgroup.com/?research=Technical%20advisories

Products affected by CVE-2023-28353

Faronics » Insight » Version: 10.0.19045

cpe:2.3:a:faronics:insight:10.0.19045
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-28353

Products

Pricing

Contact Us