PT-2023-25182 · Sliver · Sliver

Publicado

2023-06-21

Atualizado

2024-08-20

CVE-2023-35170

CVSS v4.0

9.2

Crítica

Vetor

AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Sliver versions up to 1.5.39

Description The cryptography implementation in Sliver allows a man-in-the-middle (MitM) attack with access to the corresponding implant binary to execute arbitrary code on implanted devices via intercepted and crafted responses. A successful attack grants the attacker permission to execute arbitrary code on the implanted device.

Recommendations For Sliver versions up to 1.5.39, users are advised to upgrade to a newer version to mitigate the risk. There are no known workarounds for this vulnerability. As a temporary workaround, consider restricting access to the implant binary to minimize the risk of exploitation.

Correção

Use of a Broken Cryptographic Algorithm

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-327

Identificadores relacionados

CVE-2023-35170

GHSA-8JXM-XP43-QH3Q

GO-2023-1866

Produtos afetados

Sliver

PT-2023-25182 · Sliver · Sliver

CVE-2023-35170

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15