CVE-2023-50159

HIGH

ScaleFusion 10.5.2 - Kiosk Mode Bypass via File Explorer Launch

Title source: llm

Description

In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.

References (3)

Core 3

Core References

Various Sources

https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent

Exploit, Third Party Advisory

https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6

Exploit, Third Party Advisory

https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59

Scores

CVSS v3 8.8

EPSS 0.0029

EPSS Percentile 20.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (1)

scalefusion/scalefusion 10.5.2

Published Jan 11, 2024

Tracked Since Feb 18, 2026