CVE-2023-28346
CVE-2023-28346 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. EPSS estimates a 0.88% chance of exploitation in the next 30 days.
Description
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials.
Metrics
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Faronics | Insight | 10.0.19045 |
References
- https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/ (Exploit, Mitigation, Release Notes, Third Party Advisory)
- https://research.nccgroup.com/?research=Technical%20advisories (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
