PT-2023-2968 · Faronics · Faronics Insight

Published: 2023-02-01 · Updated: 2025-01-13 · CVE-2023-28352

CVSS v2.0: 8.3 (High)

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Faronics Insight version 10.0.19045

Description

The issue is related to insufficient protection of service data in the Enhanced Security mode of the Teacher Console and Student Console of the Faronics Insight platform. Exploitation of this issue may allow a remote attacker to bypass security restrictions, gain unauthorized access to protected information, or execute arbitrary code. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled.

Recommendations

For Faronics Insight version 10.0.19045, consider disabling the Enhanced Security mode until a patch is available, and restrict access to the UDP broadcast discovery system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Authorization

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-02980
CVE-2023-28352

Affected Products

Faronics Insight