How severe is CVE-2023-28346?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2023-28346?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2023-28346 - HIGH Severity | CVSS 7.3

Vulnerability Description

An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials.

Related Vulnerabilities

CVE-2018-0422

HIGH

CVSS:7.3(High)

A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device w...

CWE-7322018

CVE-2018-12335

HIGH

CVSS:7.3(High)

Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestric...

CWE-7322018

CVE-2018-18098

HIGH

CVSS:7.3(High)

Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access.

CWE-7322018

CVE-2018-19113

HIGH

CVSS:7.3(High)

The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronesto...

CWE-7322018

CVE-2019-12876

HIGH

CVSS:7.3(High)

Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.

CWE-7322019

CVE-2019-13208

HIGH

CVSS:7.3(High)

WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1....

CWE-7322019