Lucene search

MitreCVE-2023-51750

HistoryJan 11, 2024 - 2:15 p.m.

CVE-2023-51750

2024-01-1114:15:44

CWE-286

mitre

web.nvd.nist.gov

cve-2023-51750

scalefusion

10.5.2

edge application

file downloads

nvd

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor’s position is “Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules.”

Affected configurations

Nvd

Node

scalefusionscalefusionMatch10.5.2

AND

microsoftwindowsMatch-

VendorProductVersionCPE
scalefusionscalefusion10.5.2cpe:2.3:a:scalefusion:scalefusion:10.5.2:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
scalefusion	scalefusion	10.5.2	cpe:2.3:a:scalefusion:scalefusion:10.5.2:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent

medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6

medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

Related for CVE-2023-51750