OpenCVE

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Scalefusion	Scalefusion

Configuration 1 [-]

cpe:2.3:a:scalefusion:scalefusion:10.5.2:*:*:*:*:windows:*:*

No data.

References

Link	Providers
https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-11T00:00:00

Updated: 2024-08-02T22:48:11.120Z

Reserved: 2023-12-22T00:00:00

Link: CVE-2023-51749

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-11T14:15:44.167

Modified: 2024-11-21T08:38:43.950

Link: CVE-2023-51749

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:scalefusion:scalefusion:10.5.2:*:*:*:*:windows:*:*", "matchCriteriaId": "B6D78BD9-C7BC-4669-8C06-7CA51F0C46BB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is \"Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules.\""}, {"lang": "es", "value": "ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicaci\u00f3n Edge porque se puede realizar una b\u00fasqueda desde una informaci\u00f3n sobre herramientas."}], "id": "CVE-2023-51749", "lastModified": "2024-11-21T08:38:43.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-11T14:15:44.167", "references": [{"source": "cve@mitre.org", "url": "https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}