Description
An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/
Third Party Advisory
https://research.nccgroup.com/?research=Technical%20advisories
Scores
CVSS v3
8.8
EPSS
0.0009
EPSS Percentile
25.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-434
Status
published
Products (1)
faronics/insight
10.0.19045
Published
May 31, 2023
Tracked Since
Feb 18, 2026