Lucene search
K
FaronicsInsight

10 matches found

CVE
CVE
added 2023/05/30 12:0 a.m.69 views

CVE-2023-28353

CVE-2023-28353 affects Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker can upload arbitrary files to any location on the Teacher Console computer, enabling multiple exploitation paths including achievable code execution and the potential to chain with other flaws to run a DLL ...

8.8CVSS8.9AI score0.01362EPSS
CVE
CVE
added 2023/05/30 12:0 a.m.66 views

CVE-2023-28348

The CVE-2023-28348 entry affects Faronics Insight version 10.0.19045. The root cause is unencrypted storage in the Teacher Console and Student Console components, enabling a nearby attacker to perform a man-in-the-middle attack by sending specially crafted HTTP requests to port 8890, intercepting...

7.4CVSS7.2AI score0.00442EPSS
CVE
CVE
added 2023/05/30 12:0 a.m.56 views

CVE-2023-28350

The CVE-2023-28350 issue affects Faronics Insight version 10.0.19045 on Windows, where attacker-supplied input is rendered in both the Teacher and Student Console applications without proper validation/sanitization. This enables cross-site scripting (XSS) in the consoles, and due to the Teacher C...

6.1CVSS6.5AI score0.01069EPSS
CVE
CVE
added 2023/05/30 12:0 a.m.54 views

CVE-2023-28349

CVE-2023-28349 affects Faronics Insight on Windows (v10.0.19045). A crafted program that mimics the Teacher Console can cause Student Consoles to connect and, with NT AUTHORITY/SYSTEM permissions, write arbitrary files to arbitrary locations, enabling remote code execution. The vulnerability aris...

8.8CVSS8.8AI score0.01204EPSS
CVE
CVE
added 2023/05/30 12:0 a.m.52 views

CVE-2023-28344

The CVE-2023-28344 issue affects Faronics Insight 10.0.19045 on Windows. The root cause is insufficient access control when handling the agent id parameter in the Insight Teacher Console, allowing unauthenticated attackers to view constantly updated screenshots of student desktops and to submit f...

7.1CVSS6.8AI score0.00907EPSS
CVE
CVE
added 2023/05/30 12:0 a.m.49 views

CVE-2023-28345

CVE-2023-28345 affects Faronics Insight 10.0.19045 on Windows, where the Insight Teacher Console exposes the teacher’s password in cleartext via a localhost API endpoint. An attacker with physical access can open a browser, access the endpoint, and obtain the password, enabling login to the Teach...

4.6CVSS4.6AI score0.00319EPSS
CVE
CVE
added 2023/05/30 12:0 a.m.44 views

CVE-2023-28347

The CVE-2023-28347 issue affects Faronics Insight 10.0.19045 on Windows. A cross-site scripting flaw in the Teacher Console can be exploited by a PoC that mimics the Student Console, enabling unauthenticated attackers to achieve remote code execution as NT AUTHORITY/SYSTEM on all connected Studen...

9.6CVSS9.3AI score0.02773EPSS
CVE
CVE
added 2023/05/30 12:0 a.m.44 views

CVE-2023-28351

Summary: CVE-2023-28351 affects Faronics Insight 10.0.19045 (Windows) where every keystroke by any user on a system with the Student application is logged to a world‑readable directory. A local attacker can trivially access these cleartext keystrokes, enabling potential collection of PII and comp...

3.3CVSS4AI score0.00303EPSS
CVE
CVE
added 2023/05/30 12:0 a.m.43 views

CVE-2023-28346

CVE-2023-28346 (Faronics Insight 10.0.19045, Windows) : A vulnerability allows remote attackers with valid credentials to communicate with private API endpoints exposed by the web server (examples: /login, /consoleSettings, /console) despite Virtual Host Routing intended to block access. The flaw...

7.3CVSS7.2AI score0.00884EPSS
CVE
CVE
added 2023/05/30 12:0 a.m.40 views

CVE-2023-28352

CVE-2023-28352 affects Faronics Insight 10.0.19045 on Windows. The issue stems from abusing the Insight UDP broadcast discovery system, enabling an attacker‑controlled artificial Student Console to connect to and attack a Teacher Console even after Enhanced Security Mode is enabled. CVSS v3.1 bas...

7.4CVSS7.3AI score0.00686EPSS