← voltar
CVE-2023-28345

CVE-2023-28345

CVSS 4.6 MEDIUMEPSS 0.3%CWE-312
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
30 mai 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to the affected endpoint and obtain the teacher's password. This enables them to log into the Teacher Console and begin trivially attacking student machines.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/https://research.nccgroup.com/?research=Technical%20advisories