Vulnerabilities > CVE-2023-28352 - Incorrect Authorization vulnerability in Faronics Insight 10.0.19045

CVSS 7.4 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

faronics

CWE-863

NVD

Published: 2023-05-31

Updated: 2023-06-13

Summary

An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled.

Vulnerable Configurations

Part	Description	Count
Application	Faronics Faronics Insight 10.0.19045	1
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
https://research.nccgroup.com/?research=Technical%20advisories