PT-2023-18849 · Connectwise · Connectwise Control
L00Neyhacker
·
Published
2023-02-01
·
Updated
2024-08-02
·
CVE-2023-23128
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Connectwise Control version 22.8.10013.8329
Description
The issue concerns Cross Origin Resource Sharing (CORS) in Connectwise Control. According to the vendor, two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and they claim there is no risk from this behavior. The vulnerability report is disputed.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Connectwise Control