Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-25719

Published: 13/02/2023 Updated: 05/03/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Connectwise

Vulnerability Summary

ConnectWise Control prior to 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. NOTE: this CVE Record is only about the parameters, such as the h parameter (this CVE Record is not about the separate issue of signed executable files that are supposed to have unique configurations across customers' installations).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

connectwise control

References

CWE-74https://www.connectwise.comhttps://cybir.com/2022/cve/hijacking-connectwise-control-and-ddos/https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosureshttps://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severityhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886insecure direct object referenceCVE-2024-34342file inclusionCVE-2024-34562CVE-2024-34347CVE-2024-26026CVE-2024-4647unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook