CVE-2023-50159

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-50159
In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 Exploit Third Party Advisory
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:scalefusion:scalefusion:10.5.2:*:*:*:*:windows:*:*
History

18 Jan 2024, 19:15

Type Values Removed Values Added
References
  • () https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent -
Summary (en) In ScaleFusion (Windows Desktop App) agent v10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. (en) In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.

18 Jan 2024, 17:56

Type Values Removed Values Added
Summary
  • (es) En el agente ScaleFusion (aplicación de escritorio de Windows) v10.5.2, las restricciones de la aplicación en modo quiosco se pueden omitir permitiendo la ejecución de código arbitrario.
CPE cpe:2.3:a:scalefusion:scalefusion:10.5.2:*:*:*:*:windows:*:*
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
First Time Scalefusion scalefusion
Scalefusion
References () https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 - () https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 - Exploit, Third Party Advisory
References () https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 - () https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 - Exploit, Third Party Advisory

11 Jan 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-11 14:15

Updated : 2024-01-18 19:15

NVD link : CVE-2023-50159

Mitre link : CVE-2023-50159

CVE.ORG link : CVE-2023-50159

JSON object : View

Products Affected

scalefusion

  • scalefusion
CWE
NVD-CWE-noinfo