PT-2023-25182 · Sliver · Sliver

Published

2023-06-21

Updated

2024-08-20

CVE-2023-35170

CVSS v4.0

9.2

Critical

Vector

AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Sliver versions up to 1.5.39

Description The cryptography implementation in Sliver allows a man-in-the-middle (MitM) attack with access to the corresponding implant binary to execute arbitrary code on implanted devices via intercepted and crafted responses. A successful attack grants the attacker permission to execute arbitrary code on the implanted device.

Recommendations For Sliver versions up to 1.5.39, users are advised to upgrade to a newer version to mitigate the risk. There are no known workarounds for this vulnerability. As a temporary workaround, consider restricting access to the implant binary to minimize the risk of exploitation.

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327

Related Identifiers

CVE-2023-35170

GHSA-8JXM-XP43-QH3Q

GO-2023-1866

Affected Products

Sliver

PT-2023-25182 · Sliver · Sliver

CVE-2023-35170

Weakness Enumeration

Related Identifiers

Affected Products

References · 15