CVE-2023-50159

In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6	Exploit Third Party Advisory
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59	Exploit Third Party Advisory
https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6	Exploit Third Party Advisory
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:scalefusion:scalefusion:10.5.2:*:*:*:*:windows:*:*

History

21 Nov 2024, 08:36

Type	Values Removed	Values Added
References	~~() https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent -~~	() https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent -
References	~~() https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 - Exploit, Third Party Advisory~~	() https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 - Exploit, Third Party Advisory
References	~~() https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 - Exploit, Third Party Advisory~~	() https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 - Exploit, Third Party Advisory

18 Jan 2024, 19:15

Type	Values Removed	Values Added
First Time		Scalefusion scalefusion Scalefusion
References		() https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent -
References	~~() https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 -~~	() https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 - Exploit, Third Party Advisory
References	~~() https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 -~~	() https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 - Exploit, Third Party Advisory
CPE		cpe:2.3:a:scalefusion:scalefusion:10.5.2:::::windows::
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
Summary		(es) En el agente ScaleFusion (aplicación de escritorio de Windows) v10.5.2, las restricciones de la aplicación en modo quiosco se pueden omitir permitiendo la ejecución de código arbitrario.
Summary	~~(en) In ScaleFusion (Windows Desktop App) agent v10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed.~~	(en) In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.

11 Jan 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-11 14:15

Updated : 2024-11-21 08:36

NVD link : CVE-2023-50159

Mitre link : CVE-2023-50159

CVE.ORG link : CVE-2023-50159

JSON object : View

Products Affected

scalefusion

scalefusion

CWE

NVD-CWE-noinfo

8.8 /10