PT-2024-13870 · Unknown · Scalefusion

Published

2024-01-11

Updated

2024-01-18

CVE-2023-50159

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ScaleFusion versions 10.5.2 through 10.5.6

Description The issue allows Kiosk mode application restrictions to be bypassed, enabling arbitrary code execution. This is achieved by launching the file explorer in Agent-based Multi-App and Single App Kiosk mode. The problem is fixed in version 10.5.7 by preventing the launch of the file explorer in these modes.

Recommendations For versions 10.5.2 through 10.5.6, update to version 10.5.7 to prevent the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode, thereby fixing the issue.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2023-50159

Affected Products

Scalefusion

PT-2024-13870 · Unknown · Scalefusion

CVE-2023-50159

Weakness Enumeration

Related Identifiers

Affected Products

References · 9