CVE-2023-51750

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-51750
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."

4.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent Vendor Advisory
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 Third Party Advisory
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 Third Party Advisory
https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent Vendor Advisory
https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 Third Party Advisory
https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:scalefusion:scalefusion:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:38

Type Values Removed Values Added
References () https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent - Vendor Advisory () https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent - Vendor Advisory
References () https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 - Third Party Advisory () https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 - Third Party Advisory
References () https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 - Third Party Advisory () https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 - Third Party Advisory

03 Jul 2024, 01:43

Type Values Removed Values Added
CWE CWE-286

22 Jan 2024, 19:09

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-11 14:15

Updated : 2024-11-21 08:38

NVD link : CVE-2023-51750

Mitre link : CVE-2023-51750

CVE.ORG link : CVE-2023-51750

JSON object : View

Products Affected

scalefusion

  • scalefusion

microsoft

  • windows
CWE
NVD-CWE-noinfo CWE-286

Incorrect User Management