CVE-2023-51749 — HIGH (8.8)

Vulnerability Description

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."

CVSS Score

8.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Scalefusion	Scalefusion	10.5.2

References

https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-sExploitThird Party Advisory
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusiExploitThird Party Advisory
https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-sExploitThird Party Advisory
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusiExploitThird Party Advisory

FAQ

What is CVE-2023-51749?

CVE-2023-51749 is a vulnerability with a CVSS score of 8.8 (HIGH). ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profi...

How severe is CVE-2023-51749?

CVE-2023-51749 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-51749?

Check the references section above for vendor advisories and patch information. Affected products include: Scalefusion Scalefusion.