CVE-2023-25719 - Vulnerability Details - OpenCVE

ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. NOTE: this CVE Record is only about the parameters, such as the h parameter (this CVE Record is not about the separate issue of signed executable files that are supposed to have unique configurations across customers' installations).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Connectwise	Control

Configuration 1 [-]

cpe:2.3:a:connectwise:control:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cybir.com/2022/cve/hijacking-connectwise-control-and-ddos/
https://www.connectwise.com
https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures
https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-02-13T00:00:00

Updated: 2024-08-02T11:32:11.873Z

Reserved: 2023-02-13T00:00:00

Link: CVE-2023-25719

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-13T20:15:11.110

Modified: 2024-11-21T07:50:00.107

Link: CVE-2023-25719

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-25719", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T11:32:11.873Z", "dateReserved": "2023-02-13T00:00:00", "datePublished": "2023-02-13T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-03-05T00:00:00"}, "descriptions": [{"lang": "en", "value": "ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. NOTE: this CVE Record is only about the parameters, such as the h parameter (this CVE Record is not about the separate issue of signed executable files that are supposed to have unique configurations across customers' installations)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.connectwise.com"}, {"url": "https://cybir.com/2022/cve/hijacking-connectwise-control-and-ddos/"}, {"url": "https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity"}, {"url": "https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:32:11.873Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.connectwise.com", "tags": ["x_transferred"]}, {"url": "https://cybir.com/2022/cve/hijacking-connectwise-control-and-ddos/", "tags": ["x_transferred"]}, {"url": "https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity", "tags": ["x_transferred"]}, {"url": "https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:connectwise:control:*:*:*:*:*:*:*:*", "matchCriteriaId": "E73E1DBA-4FDE-4D67-990C-3001EAA801FB", "versionEndExcluding": "22.9.10032", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. NOTE: this CVE Record is only about the parameters, such as the h parameter (this CVE Record is not about the separate issue of signed executable files that are supposed to have unique configurations across customers' installations)."}, {"lang": "es", "value": "ConnectWise Control anterior a 22.9.10032 (anteriormente conocido como ScreenConnect) no puede validar los par\u00e1metros proporcionados por el usuario, como el par\u00e1metro h de Bin/ConnectWiseControl.Client.exe. Esto da como resultado datos reflejados e inyecci\u00f3n de c\u00f3digo malicioso en un ejecutable descargado. El ejecutable se puede utilizar para ejecutar consultas maliciosas o como vector de denegaci\u00f3n de servicio. NOTA: este registro CVE trata solo de los par\u00e1metros, como el par\u00e1metro h (este registro CVE no trata sobre la edici\u00f3n separada de archivos ejecutables firmados que se supone que tienen configuraciones \u00fanicas en las instalaciones de los clientes)."}], "id": "CVE-2023-25719", "lastModified": "2024-11-21T07:50:00.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-13T20:15:11.110", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://cybir.com/2022/cve/hijacking-connectwise-control-and-ddos/"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.connectwise.com"}, {"source": "cve@mitre.org", "url": "https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures"}, {"source": "cve@mitre.org", "url": "https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://cybir.com/2022/cve/hijacking-connectwise-control-and-ddos/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.connectwise.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}