ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.
References
Link | Resource |
---|---|
https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent | Vendor Advisory |
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 | Third Party Advisory |
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
22 Jan 2024, 18:41
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
CPE | cpe:2.3:a:scalefusion:scalefusion:10.5.2:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
First Time |
Scalefusion scalefusion
Microsoft windows Microsoft Scalefusion |
|
CWE | NVD-CWE-noinfo | |
References | () https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent - Vendor Advisory | |
References | () https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 - Third Party Advisory | |
References | () https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 - Third Party Advisory |
18 Jan 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
|
Summary | (en) ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. |
11 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-11 14:15
Updated : 2024-01-22 18:41
NVD link : CVE-2023-51751
Mitre link : CVE-2023-51751
CVE.ORG link : CVE-2023-51751
JSON object : View
Products Affected
microsoft
- windows
scalefusion
- scalefusion
CWE