CVE-2023-51749

8.8 HIGH

📋 TL;DR

This vulnerability allows users to bypass kiosk mode restrictions in ScaleFusion 10.5.2 by initiating searches from tooltips, potentially accessing unauthorized applications or websites. Organizations using ScaleFusion for Windows device management with kiosk mode configurations are affected. The vendor states the vulnerability doesn't exist when using default Windows device profile configurations with modern management and website allow-listing.

💻 Affected Systems

Products:
  • ScaleFusion Windows MDM Agent
Versions: 10.5.2
Operating Systems: Windows
Default Config Vulnerable: ✅ No
Notes: Vendor states not vulnerable when using default Windows device profile configuration with modern management and website allow-listing rules.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could escape kiosk mode entirely, access sensitive systems, install malware, or exfiltrate data from supposedly locked-down devices.

🟠

Likely Case

Users bypass intended restrictions to access unauthorized applications or websites, compromising device security policies and potentially exposing sensitive information.

🟢

If Mitigated

With proper configuration and website allow-listing, users remain confined to approved applications with minimal security impact.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires physical or remote access to a kiosk device and involves simple user interface manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.5.3 or later

Vendor Advisory: https://help.scalefusion.com/docs/security-advisory-for-windows-mdm-agent

Restart Required: Yes

Instructions:

1. Update ScaleFusion Windows MDM Agent to version 10.5.3 or later.
2. Ensure devices are configured with modern management and website allow-listing rules.
3. Restart affected devices after the update.

🔧 Temporary Workarounds

Enable Modern Management Configuration

Platform: Windows

Configure devices using the default Windows device profile with modern management and website allow-listing rules, as recommended by the vendor.

Disable Tooltip Search Functionality

Platform: Windows

Modify kiosk policies to disable search functionality from tooltips, if the configuration supports it.

🧯 If You Can't Patch

  • Implement strict physical security controls for kiosk devices to prevent unauthorized access.
  • Deploy additional application control solutions to restrict unauthorized program execution.

🔍 How to Verify

Check if Vulnerable:

Check if ScaleFusion Windows MDM Agent version is 10.5.2 and kiosk mode is configured without modern management/website allow-listing.

Check Version:

Check ScaleFusion agent version in Windows Programs and Features or via ScaleFusion management console.

Verify Fix Applied:

Verify agent version is 10.5.3 or later and confirm modern management with website allow-listing is enabled in configuration.
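One way to automate the version part of this check, as an added example that is not from the advisory or the vendor: read the installed agent's version from the Windows uninstall registry keys (the data behind Programs and Features) and compare it with the fixed version. It assumes the agent registers there with a DisplayName containing "ScaleFusion" and a parseable DisplayVersion; the configuration half of the check (modern management and allow-listing) still has to be confirmed in the management console.

```powershell
# Added example, not vendor code. Assumes the agent appears under Programs
# and Features with a DisplayName containing "ScaleFusion" (hypothetical match).
$FixedVersion = [version]'10.5.3'   # first fixed version named in the advisory
$UninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-ScaleFusionAgentStatus {
    $entries = Get-ItemProperty -Path $UninstallPaths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*ScaleFusion*' -and $_.DisplayVersion }

    if (-not $entries) {
        return [pscustomobject]@{ Installed = $false; Version = $null; PatchMissing = $null }
    }

    foreach ($e in $entries) {
        $installed = $null
        # A DisplayVersion that does not parse (e.g. a build suffix) is reported, not guessed.
        if (-not [version]::TryParse($e.DisplayVersion, [ref]$installed)) {
            [pscustomobject]@{
                Installed    = $true
                Name         = $e.DisplayName
                Version      = $e.DisplayVersion
                PatchMissing = 'unknown (unparseable version)'
            }
            continue
        }
        [pscustomobject]@{
            Installed    = $true
            Name         = $e.DisplayName
            Version      = $installed.ToString()
            # 10.5.2 -> True (update needed); 10.5.3 or later -> False
            PatchMissing = ($installed -lt $FixedVersion)
        }
    }
}

Get-ScaleFusionAgentStatus | Format-List
```

PatchMissing = True means the agent is still on an affected version; whether the device is actually exposed also depends on the kiosk profile, so check the configuration as described above.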

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application launches from kiosk devices
  • Security policy violation events
  • Edge browser accessing non-whitelisted sites

Network Indicators:

  • Kiosk devices connecting to unexpected domains or services
  • Traffic patterns inconsistent with kiosk usage

SIEM Query:

source="windows" AND (event_id=4688 OR event_id=4689) AND process_name NOT IN ("allowed_app1.exe", "allowed_app2.exe")
