CVE-2023-28349
HIGHFaronics Insight 10.0.19045 - Origin Validation Error
Title source: llmDescription
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can compel Student Consoles to connect and put themselves at risk automatically. Connected Student Consoles can be compelled to write arbitrary files to arbitrary locations on disk with NT AUTHORITY/SYSTEM level permissions, enabling remote code execution.
References (2)
Core 2
Core References
Exploit, Mitigation, Release Notes, Third Party Advisory
https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
Third Party Advisory
https://research.nccgroup.com/?research=Technical%20advisories
Scores
CVSS v3
8.8
EPSS
0.0120
EPSS Percentile
64.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-346
Status
published
Products (1)
faronics/insight
10.0.19045
Published
May 31, 2023
Tracked Since
Feb 18, 2026