Insight
CVE-2023-28344
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots of student desktops without their consent. These screenshots may potentially contain sensitive/personal data. Attackers can also rapidly submit falsified images, hiding the actual contents of student desktops from the Teacher Console.
AnalysisAI
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Resource to Wrong Sphere (CWE-668), which allows attackers to access resources from an unintended security context. An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots of student desktops without their consent. These screenshots may potentially contain sensitive/personal data. Attackers can also rapidly submit falsified images, hiding the actual contents of student desktops from the Teacher Console. Affected products include: Faronics Insight.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement proper access controls, validate resource access permissions, use security boundaries.
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated critical severity (CVSS 9.6), this vulnerabilit
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 8.8), this vulnerability is
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 8.8), this vulnerability is
An issue was discovered in creditease-sec insight through 2018-09-11. Rated high severity (CVSS 8.8), this vulnerability
An issue was discovered in creditease-sec insight through 2018-09-11. Rated high severity (CVSS 8.8), this vulnerability
An issue was discovered in creditease-sec insight through 2018-09-11. Rated high severity (CVSS 8.8), this vulnerability
An issue was discovered in creditease-sec insight through 2018-09-11. Rated high severity (CVSS 8.8), this vulnerability
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 7.4), this vulnerability is
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 7.4), this vulnerability is
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 7.3), this vulnerability is
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated medium severity (CVSS 6.1), this vulnerability
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated medium severity (CVSS 4.6), this vulnerability
Same weakness CWE-668 – Exposure of Resource to Wrong Sphere
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today