Scalefusion
CVE-2023-51749
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."
AnalysisAI
ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules." Affected products include: Scalefusion.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Scalefusion
View allScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. Rated hi
In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrar
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. Rated medium severi
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. Rated medium
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today