PT-2023-2973 · Faronics · Faronics Insight
Published: 2023-02-01 · Updated: 2025-01-13 · CVE-2023-28348
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Faronics Insight version 10.0.19045
Description
The issue allows a suitably positioned attacker to perform a man-in-the-middle attack on either a connected student or teacher. This enables the attacker to intercept student keystrokes or modify executable files being sent from teachers to students. The vulnerability is related to the unencrypted storage of confidential information in the Teacher Console and Student Console components of the Faronics Insight platform. An attacker can exploit this vulnerability by sending specially crafted HTTP requests to port 8890, which allows them to carry out the man-in-the-middle attack.
Recommendations
For Faronics Insight version 10.0.19045, consider restricting access to the Teacher Console and Student Console components to minimize the risk of exploitation. As a temporary workaround, avoid using the affected port 8890 until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Cleartext Transmission of Sensitive Information
Cleartext Storage of Sensitive Information
Related Identifiers
Affected Products
Faronics Insight