CVE-2023-51749

Name of the Vulnerable Software and Affected Versions ScaleFusion version 10.5.2

Description The issue is related to inadequate access control in the Scalefusion MDM Agent, allowing an attacker to open arbitrary websites. Specifically, a search can be made from a tooltip, which can be used to bypass limitations. The vendor notes that the default Windows device profile configuration, which utilizes modern management with website allow-listing rules, is not vulnerable.

Recommendations For version 10.5.2, consider restricting access to the Edge application or implementing website allow-listing rules to minimize the risk of exploitation. As a temporary workaround, disabling the search functionality from tooltips may help until a patch is available.