CVE-2023-28352
HIGHFaronics Insight 10.0.19045 - Incorrect Authorization via UDP Broadcast Discovery
Title source: llmDescription
An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
Third Party Advisory
https://research.nccgroup.com/?research=Technical%20advisories
Scores
CVSS v3
7.4
EPSS
0.0069
EPSS Percentile
47.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-863
Status
published
Products (1)
faronics/insight
10.0.19045
Published
May 31, 2023
Tracked Since
Feb 18, 2026