CVE-2023-28353

An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:faronics:insight:10.0.19045:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:54

Type Values Removed Values Added
References () https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/ - Exploit, Third Party Advisory () https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/ - Exploit, Third Party Advisory
References () https://research.nccgroup.com/?research=Technical%20advisories - Third Party Advisory () https://research.nccgroup.com/?research=Technical%20advisories - Third Party Advisory

13 Jun 2023, 16:04

Type Values Removed Values Added
CPE cpe:2.3:a:faronics:insight:10.0.19045:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
First Time Faronics
Microsoft
Faronics insight
Microsoft windows
References (MISC) https://research.nccgroup.com/?research=Technical%20advisories - (MISC) https://research.nccgroup.com/?research=Technical%20advisories - Third Party Advisory
References (MISC) https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/ - (MISC) https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/ - Exploit, Third Party Advisory
CWE CWE-434
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

31 May 2023, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-31 00:15

Updated : 2024-11-21 07:54


NVD link : CVE-2023-28353

Mitre link : CVE-2023-28353

CVE.ORG link : CVE-2023-28353


JSON object : View

Products Affected

faronics

  • insight

microsoft

  • windows
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type