Описание
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console application and achieve remote code execution as NT AUTHORITY/SYSTEM on all connected Student Consoles and the Teacher Console in a Zero Click manner.
Ссылки
- ExploitMitigationRelease NotesThird Party Advisory
- Third Party Advisory
- ExploitMitigationRelease NotesThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
9.6 Critical
CVSS3
Дефекты
Связанные уязвимости
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console application and achieve remote code execution as NT AUTHORITY/SYSTEM on all connected Student Consoles and the Teacher Console in a Zero Click manner.
Уязвимость компонента Teacher Console платформы управления компьютерными сетями в образовании Faronics Insight, позволяющая нарушителю осуществлять межсайтовые сценарные атаки
EPSS
9.6 Critical
CVSS3