Vulnerability in Faronics Insight on Windows Allows Unauthorized Access to Teacher Console
CVE-2023-28352

7.4HIGH

Key Information:

Vendor: Faronics
Status: Insight
Vendor: CVE Published:; 31 May 2023

What is CVE-2023-28352?

A vulnerability has been identified in Faronics Insight 10.0.19045 on Windows, which allows an attacker to exploit the Insight UDP broadcast discovery mechanism. By leveraging an attacker-controlled artificial Student Console, unauthorized connections to the Teacher Console can be established, circumventing security measures even when Enhanced Security Mode is activated.

References

https://research.nccgroup.com/?research=Technical%20advis...

https://research.nccgroup.com/2023/05/30/technical-adviso...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2023
Vulnerability Reserved
Mar 14, 2023