CVE-2023-28349

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-346
View all →

Vulnerability Description

An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can compel Student Consoles to connect and put themselves at risk automatically. Connected Student Consoles can be compelled to write arbitrary files to arbitrary locations on disk with NT AUTHORITY/SYSTEM level permissions, enabling remote code execution.

Related Vulnerabilities

CVE-2017-8793

HIGH
CVSS:8.8(High)

An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the d...

CWE-3462017

CVE-2018-6654

HIGH
CVSS:8.8(High)

The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens i...

CWE-3462018

CVE-2020-11069

HIGH
CVSS:8.8(High)

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can b...

CWE-3462020

CVE-2020-1408

HIGH
CVSS:8.8(High)

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'.

CWE-3462020

CVE-2020-24772

HIGH
CVSS:8.8(High)

In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. W...

CWE-3462020

CVE-2021-31718

HIGH
CVSS:8.8(High)

The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution.

CWE-3462021