History: May 31, 2023 - 12:15 a.m.

CVE-2023-28345

2023-05-31 00:15:09
CWE-312
mitre
web.nvd.nist.gov
cve-2023-28345
faronics insight
windows
cleartext password
api endpoint
security vulnerability

CVSS3: 4.6

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 4.6
Confidence: High

EPSS: 0.001
Percentile: 20.7%

An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher’s Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to the affected endpoint and obtain the teacher’s password. This enables them to log into the Teacher Console and begin trivially attacking student machines.

Affected configurations

Nvd

Node
faronics insight Match 10.0.19045
AND
microsoft windows Match -

Vendor     Product  Version     CPE
faronics   insight  10.0.19045  cpe:2.3:a:faronics:insight:10.0.19045:*:*:*:*:*:*:*
microsoft  windows  -           cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
