CVE-2023-25718

In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations. NOTE: this may overlap CVE-2023-25719. NOTE: the vendor's position is that this purported vulnerability represents a "fundamental lack of understanding of Authenticode code signing behavior."

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc/	Not Applicable
https://www.connectwise.com	Product
https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures
https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity

Configurations

Configuration 1 (hide)

cpe:2.3:a:connectwise:control:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-02-13 20:15

Updated : 2024-06-04 19:17

NVD link : CVE-2023-25718

Mitre link : CVE-2023-25718

CVE.ORG link : CVE-2023-25718

JSON object : View

Products Affected

connectwise

control

CWE

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2023-25718", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-02-13T20:15:11.040", "references": [{"url": "https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc/", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://www.connectwise.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures", "source": "cve@mitre.org"}, {"url": "https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations. NOTE: this may overlap CVE-2023-25719. NOTE: the vendor's position is that this purported vulnerability represents a \"fundamental lack of understanding of Authenticode code signing behavior.\""}], "lastModified": "2024-06-04T19:17:24.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:connectwise:control:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E662D8E7-CE49-4030-91E7-8D132A25F9C5", "versionEndIncluding": "22.9.10032"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}