Vulnerabilities > CVE-2023-50159 - Unspecified vulnerability in Scalefusion 10.5.2

CVSS 8.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

scalefusion

NVD

Published: 2024-01-11

Updated: 2024-11-21

Summary

In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.

Vulnerable Configurations

Part	Description	Count
Application	Scalefusion Scalefusion Scalefusion 10.5.2	1

References

https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent
https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59