Exploring the Risks of Faronics Education Software: Critical Vulnerabilities Uncovered

Critical Vulnerabilities Found in Faronics Education Software

Cybersecurity firm NCC Group has identified vulnerabilities in Faronics Insight, classroom management software used to administer and control student devices, transfer files, and monitor students' screens. The software follows a server-client model; the Teacher and Student console UIs are Electron applications, that is, JavaScript web applications packaged inside executables. According to NCC Group's analysis, 11 vulnerabilities were found in total, three of them critical-severity flaws leading to remote code execution (RCE).

Types of Vulnerabilities Found

The three critical vulnerabilities are:

  • CVE-2023-28353: An unauthenticated file upload API lets an attacker upload arbitrary files to the Teacher console, including DLLs that end up executed with SYSTEM privileges. On its own the flaw can be used to drop files into specific folders; chained with the other issues it yields code execution as SYSTEM.
  • CVE-2023-28347: A cross-site scripting (XSS) issue in the Teacher Console that an unauthenticated attacker can use to execute code on the teacher's computer and, through it, on every student device, with no user interaction (zero-click). The root cause is the default configuration: the Teacher console does not authenticate or authorize Student console apps, so an attacker can write a fake Student console app and connect it to the teacher's machine.
  • CVE-2023-28349: A fake Teacher Console app can force Student Consoles to connect to it, after which the Student Consoles are exploited automatically. The same flaw lets an attacker spy on students.

The other eight vulnerabilities identified in Faronics Insight were:

  • Bypass of the software's enhanced security mode (CVE-2023-28352)
  • Missing input validation leading to XSS and RCE (CVE-2023-28350)
  • Unsafe loading of system DLLs, permitting DLL hijacking attacks
  • Plaintext transmission of data between the Teacher and Student consoles
  • Bypass of the Virtual Host Routing feature
  • Keystrokes stored in plaintext
  • Unauthenticated access to screenshots of student desktops
  • The Teacher Console password exposed in plaintext through an API endpoint reachable on localhost

Assessment of Risks

The critical vulnerabilities NCC Group's researchers found in Faronics Insight allow attackers to take over teacher and student devices, deploy malware, spy on users, and execute arbitrary code with SYSTEM privileges. Because the software is deployed in schools specifically to manage students' devices, a successful attack reaches the whole fleet of managed machines rather than a single host. By chaining the flaws, an attacker can escalate privileges and run system-level commands remotely on every managed device, in effect becoming the school's IT administrator. Insight's use in educational institutions worldwide makes it an attractive target for attackers seeking access to those institutions' resources.

Vendor Response and Security Recommendations

NCC Group reported the vulnerabilities to Faronics in February. The vendor has since released Faronics Insight version 11.23.x.289, which fixes all of the identified issues. Organizations running Faronics Insight should update to the latest version as soon as possible to reduce the risk of exploitation. Given the severity of the flaws and the software's role in schools, affected institutions should also take further steps to limit the potential harm. Practices that reduce the risk of exploitation in educational environments include:

  • Deploying educational software with its authentication and access-control features enabled, rather than relying on default settings
  • Monitoring the network for connections and traffic that do not match expected Teacher and Student console behaviour
  • Running continuous security monitoring on endpoints so that compromises are detected and responded to quickly
  • Keeping all software deployed in educational environments current with the latest vendor patches

Conclusion

Faronics Insight is widely used education software whose vulnerabilities could be exploited to cause significant harm to schools and their users. Organizations using it must update to the latest version and apply sound security practices to reduce the risk of exploitation. The issues found in Faronics Insight are a reminder that software security matters most where sensitive data and critical resources are at stake.
