CVE-2023-28348
HIGHFaronics Insight 10.0.19045 - Cleartext Transmission of Sensitive Information
Title source: llmDescription
An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students.
References (2)
Core 2
Core References
Exploit, Mitigation, Release Notes, Third Party Advisory
https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
Third Party Advisory
https://research.nccgroup.com/?research=Technical%20advisories
Scores
CVSS v3
7.4
EPSS
0.0044
EPSS Percentile
35.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-319
Status
published
Products (1)
faronics/insight
10.0.19045
Published
May 31, 2023
Tracked Since
Feb 18, 2026