Lucene search

MitreCVELIST:CVE-2023-51748

HistoryJan 11, 2024 - 12:00 a.m.

CVE-2023-51748

2024-01-1100:00:00

mitre

www.cve.org

scalefusion

edge application

launch restriction

bypass

ctrl-o

ctrl-s

file explorer

agent-based

multi-app

single app

kiosk mode

cve-2023-51748

8.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.

References

help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent

medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6

medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59