CVE-2023-50159

8.8 HIGH

📋 TL;DR

This vulnerability allows an attacker with access to a locked-down device to bypass the kiosk mode application restrictions of the ScaleFusion Windows Desktop App and run arbitrary code. It affects organizations that rely on ScaleFusion kiosk mode to confine a Windows device to approved applications. The bypass works by launching File Explorer (explorer.exe) from inside the restricted mode; once Explorer is open, the kiosk user can browse the file system and start any program the kiosk account is allowed to execute.

💻 Affected Systems

Products:
  • ScaleFusion Windows Desktop App
Versions: 10.5.2 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Confirmed affected are the Agent-based Multi-App and Single App Kiosk modes. Some references suggest the Browser kiosk mode may also be affected; treat it as in scope until the agent is updated.

📦 What is this software?

ScaleFusion is a mobile device management (MDM) platform. The ScaleFusion Windows Desktop App is its Windows agent: it enrolls the device and enforces MDM policies, including the kiosk modes (Single App, Multi-App and Browser) that restrict a shared or public device to a fixed set of approved applications.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device compromise allowing installation of malware, data exfiltration, and lateral movement within the network.

🟠 Likely Case: Unauthorized access to restricted systems, potential data theft, and installation of unauthorized applications.

🟢 If Mitigated: Limited impact with proper network segmentation, application control and monitoring, though the kiosk restriction itself is still bypassed.

🌐 Internet-Facing: MEDIUM - The bypass needs an interactive session on the device, but kiosks reachable through remote-access or remote-support tools can be targeted that way.
🏢 Internal Only: HIGH - Directly defeats the kiosk security control, giving anyone in front of the device (or with a session on it) access to the underlying Windows system and the network it sits on.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No (requires an interactive session on the kiosk device)
Complexity: LOW

Exploitation requires interactive access to the kiosk device, either physically or through a remote session, and only the privileges of the kiosk user account. Multiple public disclosures describe the bypass technique.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.5.7

Vendor Advisory: https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent

Restart Required: Yes

Instructions:

1. Download ScaleFusion agent version 10.5.7 or later from the vendor portal.
2. Deploy it to all affected Windows devices.
3. Restart the devices to apply the change.
4. Verify that kiosk mode restrictions are enforced: in Single App or Multi-App kiosk mode, confirm that File Explorer cannot be launched.

🔧 Temporary Workarounds

Disable File Explorer Access (platform: Windows)

Use Group Policy or local policy to block drive browsing in File Explorer for the kiosk user account:

gpedit.msc -> User Configuration -> Administrative Templates -> Windows Components -> File Explorer -> Prevent access to drives from My Computer

Caveats: this policy is applied per user, so it must target the kiosk account (or a GPO scoped to it), and it only blocks browsing drives through Explorer. It does not stop explorer.exe from launching, so the kiosk escape itself still works; it merely limits what the escaped user can reach from Explorer. It is a stop-gap until the 10.5.7 update is deployed, and is best combined with application control (see "If You Can't Patch").

Enhanced Monitoring (platform: all)

Monitor kiosk devices for explorer.exe process creation and for processes spawned by explorer.exe in kiosk sessions (see Detection & Monitoring below).
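The policy above is backed by the NoViewOnDrive value under the kiosk user's Policies\Explorer key. The following PowerShell is an added example, not ScaleFusion's tooling and not from the advisory; it sets that value for the kiosk user and reads it back. It assumes it runs inside the kiosk user's own session (HKCU), or that the target user's hive has been loaded under HKEY_USERS with `reg load` and is passed through the -Hive parameter; the function names are the example's own.

```powershell
# Added example, not from ScaleFusion or the advisory: write the registry value behind the
# "Prevent access to drives from My Computer" policy for the kiosk user and read it back.
# NoViewOnDrive is a bitmask: bit 0 = A:, bit 1 = B:, ... bit 25 = Z:; 0x03FFFFFF covers all 26.
# Assumptions: run inside the kiosk user's own session (HKCU), or pass -Hive as
# 'Registry::HKEY_USERS\KioskTemp' after `reg load HKU\KioskTemp <profile>\NTUSER.DAT`
# while that user is logged off. Stop-gap only: it blocks drive browsing in Explorer,
# it does not stop explorer.exe from starting.

function Get-DriveMask {
    param([string[]]$Drives)   # e.g. @('C','D'); '*' selects every letter
    if ($Drives -contains '*') { return 0x03FFFFFF }
    $mask = 0
    foreach ($d in $Drives) {
        $letter = $d.TrimEnd(':').ToUpper()
        if ($letter.Length -ne 1) { throw "Not a drive letter: $d" }
        $bit = [int][char]$letter - [int][char]'A'
        if ($bit -lt 0 -or $bit -gt 25) { throw "Not a drive letter: $d" }
        $mask = $mask -bor (1 -shl $bit)
    }
    return $mask
}

function Get-ExplorerPolicyKey {
    param([string]$Hive)
    # String concatenation rather than Join-Path so provider-qualified hives (Registry::...) work too
    return $Hive.TrimEnd('\') + '\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
}

function Set-NoViewOnDrive {
    param([string[]]$Drives = @('*'), [string]$Hive = 'HKCU:')
    $key = Get-ExplorerPolicyKey -Hive $Hive
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $mask = Get-DriveMask -Drives $Drives
    # Same value the GPO writes; -Force overwrites an existing setting
    New-ItemProperty -Path $key -Name 'NoViewOnDrive' -PropertyType DWord -Value $mask -Force | Out-Null
    return $mask
}

function Test-NoViewOnDrive {
    param([string]$Hive = 'HKCU:')
    $key = Get-ExplorerPolicyKey -Hive $Hive
    $value = (Get-ItemProperty -Path $key -Name 'NoViewOnDrive' -ErrorAction SilentlyContinue).NoViewOnDrive
    if ($null -eq $value) { return 'NoViewOnDrive not set: Explorer drive access is unrestricted' }
    return ('NoViewOnDrive = 0x{0:X8}' -f $value)
}

Set-NoViewOnDrive -Drives @('*') | Out-Null   # block every drive letter for this user
Test-NoViewOnDrive
# Explorer reads the policy at start-up: log the kiosk user off and on again for it to take effect.
```

Run Test-NoViewOnDrive again after the kiosk user has logged back on to confirm the value survived any policy refresh the ScaleFusion agent performs; if the agent resets it, the registry route will not hold and the update is the only real fix.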

🧯 If You Can't Patch

  • Isolate kiosk devices on a separate network segment with strict firewall rules, so an escaped kiosk user cannot reach internal systems
  • Enforce application control (AppLocker or Windows Defender Application Control) with an allow-list for the kiosk account, so that even after the bypass only approved binaries can execute

🔍 How to Verify

Check if Vulnerable:

Check the ScaleFusion agent version: if it is 10.5.2 or earlier, the device is vulnerable. To confirm on a test device, put it in Agent-based Multi-App or Single App Kiosk mode and attempt to launch File Explorer.

Check Version:

Read the ScaleFusion agent version in Windows Settings > Apps, or from the command line: wmic product where name='ScaleFusion' get version. Note that wmic is deprecated and enumerating Win32_Product is slow (it can trigger MSI consistency checks); the Uninstall registry keys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node equivalent) give the same DisplayVersion without that cost. The product's display name may differ from 'ScaleFusion', so match on a substring.

Verify Fix Applied:

After updating to 10.5.7 or later, verify that File Explorer cannot be launched in Agent-based Multi-App or Single App Kiosk mode.
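As an added example (not ScaleFusion's own tooling), the following PowerShell reads the installed agent version from the Uninstall registry keys and compares it with the fixed release. It assumes the package's DisplayName contains "ScaleFusion"; adjust the pattern if the vendor names the package differently on your build. Versions between 10.5.2 and 10.5.7 are not described on this page, so the script reports them as unconfirmed rather than patched.

```powershell
# Added example, not from ScaleFusion: find the installed agent via the Uninstall registry keys
# and compare its version with the fixed release 10.5.7 named in the advisory.
# Assumption: the product's DisplayName contains "ScaleFusion" (adjust $NamePattern if not).
$NamePattern       = '*ScaleFusion*'
$LastAffected      = [version]'10.5.2'   # affected: this version and earlier
$FixedVersion      = [version]'10.5.7'   # fixed: this version and later

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-ScaleFusionAgentStatus {
    $agents = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern } |
        Select-Object DisplayName, DisplayVersion, InstallLocation

    if (-not $agents) {
        return [pscustomobject]@{ DisplayName = $null; DisplayVersion = $null; Status = 'NOT FOUND: no matching package in the Uninstall keys' }
    }

    foreach ($agent in $agents) {
        $parsed = $null
        # [version]::TryParse fails on strings with non-numeric suffixes; do not guess in that case
        if (-not [version]::TryParse($agent.DisplayVersion, [ref]$parsed)) {
            $status = 'UNKNOWN: version string could not be parsed, inspect manually'
        } elseif ($parsed -le $LastAffected) {
            $status = 'VULNERABLE: 10.5.2 or earlier, update to 10.5.7 or later'
        } elseif ($parsed -ge $FixedVersion) {
            $status = 'PATCHED: 10.5.7 or later'
        } else {
            $status = 'UNCONFIRMED: between affected and fixed releases, treat as unpatched'
        }
        [pscustomobject]@{
            DisplayName    = $agent.DisplayName
            DisplayVersion = $agent.DisplayVersion
            Status         = $status
        }
    }
}

Get-ScaleFusionAgentStatus | Format-Table -AutoSize
```

Run it after the update on the same devices; a PATCHED result confirms the binary was replaced, but the kiosk-mode check (trying to launch File Explorer on a test device) is still the proof that the restriction is enforced.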

📡 Detection & Monitoring

Log Indicators:

  • File Explorer process (explorer.exe) created during a kiosk session, or any process whose parent is explorer.exe in a kiosk session (Security Event ID 4688 with process-creation auditing enabled); baseline first, since explorer.exe may run as the shell on some configurations
  • Unauthorized application execution events in the Windows event logs (4688 for unexpected binaries, AppLocker or WDAC block events if application control is deployed)

Network Indicators:

  • Unexpected outbound connections from kiosk devices
  • Downloads from unauthorized sources

SIEM Query:

EventID=4688 AND (NewProcessName LIKE '%\explorer.exe' OR ParentProcessName LIKE '%\explorer.exe') AND SubjectUserName LIKE '%kiosk%'

Substitute your kiosk account names for the '%kiosk%' pattern and your SIEM's field names for the 4688 fields (NewProcessName, ParentProcessName, SubjectUserName; CommandLine is only populated when "Include command line in process creation events" is enabled). The parentheses matter: without them the OR clause matches every explorer.exe start on the host regardless of user.
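The same logic as an added PowerShell example (not part of the original page), for hosts where the Security log is available locally rather than in a SIEM. It assumes process-creation auditing is enabled, that the kiosk accounts are the ones listed in $KioskAccounts (an assumed list), and it includes a constructed 4688 event so the parsing and the rule can be exercised without a live log.

```powershell
# Added example, not from the advisory: hunt Security-log 4688 (process creation) events for
# explorer.exe starting under kiosk accounts, and for anything explorer.exe then spawns.
# Assumptions: "Audit Process Creation" is enabled (CommandLine additionally needs
# "Include command line in process creation events"); kiosk account names are assumed below.
$KioskAccounts = @('kiosk', 'scalefusion-kiosk')   # assumed account names, adjust to your fleet

function ConvertFrom-ProcessCreationXml {
    # Flatten one 4688 event's XML into the fields the rule needs.
    param([string]$EventXml)
    $xml = [xml]$EventXml
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time        = $xml.Event.System.TimeCreated.SystemTime
        User        = $data['SubjectUserName']
        NewProcess  = $data['NewProcessName']
        Parent      = $data['ParentProcessName']   # present on Windows 10 / Server 2016 and later
        CommandLine = $data['CommandLine']         # empty unless command-line auditing is on
    }
}

function Test-KioskExplorerActivity {
    # Returns a reason string when the event matters, $null otherwise.
    param([pscustomobject]$Proc, [string[]]$Accounts = $KioskAccounts)
    if ($Accounts -notcontains $Proc.User) { return $null }
    if ($Proc.NewProcess -like '*\explorer.exe') { return 'explorer.exe started in kiosk session' }
    if ($Proc.Parent -like '*\explorer.exe')     { return 'process spawned by explorer.exe in kiosk session' }
    return $null
}

function Find-KioskExplorerActivity {
    param([datetime]$Since = (Get-Date).AddDays(-1))
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = ConvertFrom-ProcessCreationXml -EventXml $_.ToXml()
            $reason = Test-KioskExplorerActivity -Proc $p
            if ($reason) { $p | Add-Member -NotePropertyName Reason -NotePropertyValue $reason -PassThru }
        }
}

# Constructed sample 4688 event (not a real log entry) to exercise the rule offline:
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4688</EventID><TimeCreated SystemTime="2024-01-15T10:22:31.000Z"/></System>
  <EventData>
    <Data Name="SubjectUserName">kiosk</Data>
    <Data Name="NewProcessName">C:\Windows\System32\cmd.exe</Data>
    <Data Name="ParentProcessName">C:\Windows\explorer.exe</Data>
    <Data Name="CommandLine">cmd.exe /c whoami</Data>
  </EventData>
</Event>
'@
Test-KioskExplorerActivity -Proc (ConvertFrom-ProcessCreationXml -EventXml $sample)

# Live hunt over the last 24 hours of the local Security log
Find-KioskExplorerActivity | Format-Table -AutoSize
```

If your kiosk configuration runs explorer.exe as the shell, the first rule will fire on every logon; keep only the parent-process rule in that case, which still catches programs launched from an escaped Explorer window.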

🔗 References
