CVE-2023-28353

Name of the Vulnerable Software and Affected Versions Faronics Insight version 10.0.19045

Description An issue in Faronics Insight allows an unauthenticated attacker to upload any type of file to any location on the Teacher Console's computer. This enables various exploitation paths, including code execution. It is also possible for the attacker to chain this issue with others, causing a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM. The vulnerability is related to insufficient access restriction, allowing an attacker to upload dangerous file types and potentially gain elevated privileges and execute arbitrary code.

Recommendations For Faronics Insight version 10.0.19045, consider restricting access to the file upload functionality in the Teacher Console until a patch is available. As a temporary workaround, disabling the ability to upload files to sensitive locations on the Teacher Console's computer may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.