Lucene search

[email protected]NVD:CVE-2023-51750

HistoryJan 11, 2024 - 2:15 p.m.

CVE-2023-51750

2024-01-1114:15:44

CWE-286

[email protected]

web.nvd.nist.gov

scalefusion

user limitation

edge application

file downloads

windows device profile configuration

website allow-listing rules

cve-2023-51750

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor’s position is “Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules.”

Affected configurations

Nvd

Node

scalefusionscalefusionMatch10.5.2

AND

microsoftwindowsMatch-

VendorProductVersionCPE
scalefusionscalefusion10.5.2cpe:2.3:a:scalefusion:scalefusion:10.5.2:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
scalefusion	scalefusion	10.5.2	cpe:2.3:a:scalefusion:scalefusion:10.5.2:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent

medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6

medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

Related for NVD:CVE-2023-51750

prion1 vulnrichment1 cvelist1 cve1