CVE-2023-25718

In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations. NOTE: this may overlap CVE-2023-25719.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.connectwise.com	Product
https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc/	Not Applicable
https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures
https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:connectwise:control:*:*:*:*:*:*:*:*

Information

Published : 2023-02-13 12:15

Updated : 2023-03-05 12:15

NVD link : CVE-2023-25718

Mitre link : CVE-2023-25718

JSON object : View

CWE

CWE-347

Improper Verification of Cryptographic Signature

Advertisement

Products Affected

connectwise

control

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.connectwise.com", "name": "https://www.connectwise.com", "tags": ["Product"], "refsource": "MISC"}, {"url": "https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc/", "name": "https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc/", "tags": ["Not Applicable"], "refsource": "MISC"}, {"url": "https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures", "name": "https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures", "tags": [], "refsource": "MISC"}, {"url": "https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity", "name": "https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations. NOTE: this may overlap CVE-2023-25719."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-347"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-25718", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2023-02-13T20:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:connectwise:control:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "22.9.10032"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-05T20:15Z"}