{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41111", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-07-15T15:53:28.321Z", "datePublished": "2024-07-18T22:11:44.705Z", "dateUpdated": "2024-08-02T04:46:52.372Z"}, "containers": {"cna": {"title": "BishopFox Sliver Authenticated Remote Code Execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8"}, {"name": "https://github.com/BishopFox/sliver/issues/65", "tags": ["x_refsource_MISC"], "url": "https://github.com/BishopFox/sliver/issues/65"}, {"name": "https://github.com/BishopFox/sliver/pull/1281", "tags": ["x_refsource_MISC"], "url": "https://github.com/BishopFox/sliver/pull/1281"}, {"name": "https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57", "tags": ["x_refsource_MISC"], "url": "https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57"}, {"name": "https://sliver.sh/docs?name=Multi-player+Mode", "tags": ["x_refsource_MISC"], "url": "https://sliver.sh/docs?name=Multi-player+Mode"}], "affected": [{"vendor": "BishopFox", "product": "sliver", "versions": [{"version": "= 1.6.0-dev", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-18T22:11:44.705Z"}, "descriptions": [{"lang": "en", "value": "Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged \"operator\" user. The RCE is as the system root user. The exploit is pretty fun as we make the Sliver server pwn itself. As described in a past issue (#65), \"there is a clear security boundary between the operator and server, an operator should not inherently be able to run commands or code on the server.\" An operator who exploited this vulnerability would be able to view all console logs, kick all other operators, view and modify files stored on the server, and ultimately delete the server. This issue has not yet be addressed but is expected to be resolved before the full release of version 1.6.0. Users of the 1.6.0 prerelease should avoid using Silver in production."}], "source": {"advisory": "GHSA-hc5w-gxxr-w8x8", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "bishopfox", "product": "sliver", "cpes": ["cpe:2.3:a:bishopfox:sliver:1.6.0-dev:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.6.0-dev", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-19T14:23:18.145229Z", "id": "CVE-2024-41111", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T14:27:34.218Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.372Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8"}, {"name": "https://github.com/BishopFox/sliver/issues/65", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/BishopFox/sliver/issues/65"}, {"name": "https://github.com/BishopFox/sliver/pull/1281", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/BishopFox/sliver/pull/1281"}, {"name": "https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57"}, {"name": "https://sliver.sh/docs?name=Multi-player+Mode", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sliver.sh/docs?name=Multi-player+Mode"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8", "name": "https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/BishopFox/sliver/issues/65", "name": "https://github.com/BishopFox/sliver/issues/65", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/BishopFox/sliver/pull/1281", "name": "https://github.com/BishopFox/sliver/pull/1281", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57", "name": "https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://sliver.sh/docs?name=Multi-player+Mode", "name": "https://sliver.sh/docs?name=Multi-player+Mode", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:46:52.372Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41111", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-19T14:23:18.145229Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:bishopfox:sliver:1.6.0-dev:*:*:*:*:*:*:*"], "vendor": "bishopfox", "product": "sliver", "versions": [{"status": "affected", "version": "1.6.0-dev"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T14:27:28.822Z"}}], "cna": {"title": "BishopFox Sliver Authenticated Remote Code Execution", "source": {"advisory": "GHSA-hc5w-gxxr-w8x8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "BishopFox", "product": "sliver", "versions": [{"status": "affected", "version": "= 1.6.0-dev"}]}], "references": [{"url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8", "name": "https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/BishopFox/sliver/issues/65", "name": "https://github.com/BishopFox/sliver/issues/65", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/BishopFox/sliver/pull/1281", "name": "https://github.com/BishopFox/sliver/pull/1281", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57", "name": "https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57", "tags": ["x_refsource_MISC"]}, {"url": "https://sliver.sh/docs?name=Multi-player+Mode", "name": "https://sliver.sh/docs?name=Multi-player+Mode", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged \"operator\" user. The RCE is as the system root user. The exploit is pretty fun as we make the Sliver server pwn itself. As described in a past issue (#65), \"there is a clear security boundary between the operator and server, an operator should not inherently be able to run commands or code on the server.\" An operator who exploited this vulnerability would be able to view all console logs, kick all other operators, view and modify files stored on the server, and ultimately delete the server. This issue has not yet be addressed but is expected to be resolved before the full release of version 1.6.0. Users of the 1.6.0 prerelease should avoid using Silver in production."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-18T22:11:44.705Z"}}}, "cveMetadata": {"cveId": "CVE-2024-41111", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:46:52.372Z", "dateReserved": "2024-07-15T15:53:28.321Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-07-18T22:11:44.705Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged \"operator\" user. The RCE is as the system root user. The exploit is pretty fun as we make the Sliver server pwn itself. As described in a past issue (#65), \"there is a clear security boundary between the operator and server, an operator should not inherently be able to run commands or code on the server.\" An operator who exploited this vulnerability would be able to view all console logs, kick all other operators, view and modify files stored on the server, and ultimately delete the server. This issue has not yet be addressed but is expected to be resolved before the full release of version 1.6.0. Users of the 1.6.0 prerelease should avoid using Silver in production."}, {"lang": "es", "value": "Sliver es un framework de trabajo de equipo rojo/emulaci\u00f3n de adversario multiplataforma de c\u00f3digo abierto que puede ser utilizado por organizaciones de todos los tama\u00f1os para realizar pruebas de seguridad. La versi\u00f3n 1.6.0 (prelanzamiento) de Sliver es vulnerable a RCE en el servidor de equipos por parte de un usuario \"operador\" con pocos privilegios. El RCE act\u00faa como usuario ra\u00edz del sistema. El exploit es bastante divertido ya que hacemos que el servidor Sliver se utilice. Como se describi\u00f3 en una edici\u00f3n anterior (#65), \"existe un l\u00edmite de seguridad claro entre el operador y el servidor, un operador no deber\u00eda poder ejecutar comandos o c\u00f3digos en el servidor\". Un operador que explotara esta vulnerabilidad podr\u00eda ver todos los registros de la consola, expulsar a todos los dem\u00e1s operadores, ver y modificar archivos almacenados en el servidor y, en \u00faltima instancia, eliminar el servidor. Este problema a\u00fan no se ha solucionado, pero se espera que se resuelva antes del lanzamiento completo de la versi\u00f3n 1.6.0. Los usuarios de la versi\u00f3n preliminar 1.6.0 deben evitar el uso de Silver en producci\u00f3n."}], "id": "CVE-2024-41111", "lastModified": "2024-07-19T13:01:44.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-07-18T23:15:02.280", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57"}, {"source": "security-advisories@github.com", "url": "https://github.com/BishopFox/sliver/issues/65"}, {"source": "security-advisories@github.com", "url": "https://github.com/BishopFox/sliver/pull/1281"}, {"source": "security-advisories@github.com", "url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8"}, {"source": "security-advisories@github.com", "url": "https://sliver.sh/docs?name=Multi-player+Mode"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}