CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-51748
https://notcve.org/view.php?id=CVE-2023-51748
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicación Edge porque se pueden usar Ctrl-O y Ctrl-S. • https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-51749
https://notcve.org/view.php?id=CVE-2023-51749
ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules." ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicación Edge porque se puede realizar una búsqueda desde una información sobre herramientas. • https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51750
https://notcve.org/view.php?id=CVE-2023-51750
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules." ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicación Edge porque pueden ocurrir descargas de archivos. • https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 • CWE-286: Incorrect User Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-50159
https://notcve.org/view.php?id=CVE-2023-50159
In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. En el agente ScaleFusion (aplicación de escritorio de Windows) v10.5.2, las restricciones de la aplicación en modo quiosco se pueden omitir permitiendo la ejecución de código arbitrario. • https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51751
https://notcve.org/view.php?id=CVE-2023-51751
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. ScaleFusion 10.5.2 no limita adecuadamente a los usuarios a la aplicación Edge porque se puede usar Alt-F4. • https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent https://medium.com/nestedif/vulnerability-disclosure-browser-mode-kiosk-bypass-scalefusion-832f5a18ebb6 https://medium.com/nestedif/vulnerability-disclosure-kiosk-mode-bypass-scalefusion-4752dfa2dc59 •