Vulnerability Details : CVE-2023-28346
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials.
Products affected by CVE-2023-28346
- cpe:2.3:a:faronics:insight:10.0.19045:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-28346
- 0.10%: Probability of exploitation activity in the next 30 days
- ~ 41 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-28346
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.3 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.1 | 5.2 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-01-14 |
7.3 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.1 | 5.2 | NIST | |
CWE ids for CVE-2023-28346
- The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2023-28346
- https://research.nccgroup.com/?research=Technical%20advisories
  NCC Group Research – Making the world safer and more secure (Third Party Advisory)
- https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
  Exploit; Mitigation; Release Notes; Third Party Advisory