Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 31/05/2023 Updated: 06/06/2023

CVSS v3 Base Score: 7.3 | Impact Score: 5.2 | Exploitability Score: 2.1

VMScore: 0

An issue exists in Faronics Insight 10.0.19045 on Windows. It is possible for a remote malicious user to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials.

Vulnerable Product	Search on Vulmon	Subscribe to Product
faronics insight 10.0.19045

CWE-732 https://research.nccgroup.com/2023/05/30/technical-advisory-multiple-vulnerabilities-in-faronics-insight/https://research.nccgroup.com/?research=Technical%20advisories https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-28346

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect