Arbitrary File Upload and Remote Code Execution in Faronics Insight 10.0.19045

CVE-2023-28353 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM.
