Oliver Brooks
// doing the security things
Vulnerabilities identified in Faronics Insight v11.21.2100.262
CVE-2023-28353: RCE As SYSTEM Via Unauthenticated File Upload API (Critical)
CVE-2023-28347: RCE as SYSTEM via Artificial Student Console and XSS (Critical)
CVE-2023-28349: RCE as SYSTEM via Artificial Teacher Console (Critical)
Not assigned (Mitre policy): Numerous DLL Hijacking Vulnerabilities in Teacher and Student Consoles (High)
CVE-2023-28350: Systemic Stored and Reflected Cross Site Scripting Flaws (High)
CVE-2023-28348: All Data Transmitted in Plaintext Enabling MITM (High)
CVE-2023-28352: Enhanced Security Mode May Be Bypassed (High)
CVE-2023-28351: Keystroke Logs Are Stored in Plaintext in a World Readable Directory (Medium)
CVE-2023-28344: Lack of Access Controls on Student APIs (Medium)
CVE-2023-28345: Teacher Console Credentials Exposed via API Endpoint (Medium)
CVE-2023-28346: Virtual Host Routing Can Be Defeated (Low)