CVE-2023-28349

HIGH

Faronics Insight - Origin Validation Error

Title source: rule

Description

An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can compel Student Consoles to connect and put themselves at risk automatically. Connected Student Consoles can be compelled to write arbitrary files to arbitrary locations on disk with NT AUTHORITY/SYSTEM level permissions, enabling remote code execution.

References (2)

[Exploit, Mitigation, Release Notes, Third Party Advisory] https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/

[Third Party Advisory] https://research.nccgroup.com/?research=Technical%20advisories

Scores

CVSS v3 8.8

EPSS 0.0069

EPSS Percentile 71.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-346

Status published

Affected Products (1)

faronics/insight

Timeline

Published May 31, 2023

Tracked Since Feb 18, 2026