Описание
Silver has unrestricted traffic between Wireguard clients
Summary
Sliver's custom Wireguard netstack doesn't limit traffic between Wireguard clients, this could lead to:
- Leaked/recovered keypair (from a beacon) being used to attack operators.
- Port forwardings usable from other implants.
Details
-
Sliver treat operators' Wireguard config and beacon/session's Wireguard config equally, they both connect to the wireguard listener created from the CLI.
-
The current netstack implementation does not filter traffic between clients. I think this piece of code handle traffic between clients, from experimental results clients can ping and connect to each other freely, and I didn't see any filtering here either:
-
The docs says to use a Wireguard clients and operator wg-config to connect to the same WG listener as beacons: https://sliver.sh/docs?name=Port%20Forwarding
-
If the operator uses official wireguard clients that integrates with the OS's netstack (I'm using the Windows client) then their services are accessible on the wireguard interface's IP address (for example 100.64.0.3) when the services listen on 0.0.0.0 (SSH, RDP, SMB, etc)
-
The beacon's wireguard private key can be recovered through a process dump or other forensic techniques.
-
When a private key is recovered, an attacker can connect to 100.64.0.1:1337 (key exchange listener) to generate new wireguard clients without the operators' knowledge, in that way achieve persistence inside the wireguard network.
PoC
Easy way:
- Create 2 operators wireguard config.
- Connect them both to the wireguard listener.
- From one machine, ping/scan/connect to the other's services like RDP (3389), SSH (22), etc.
Slightly complicated way:
-
From the operator's machine, connect to the wireguard listener.
-
On the attacker's machine, run a beacon.
-
Dump the process
-
Find the private key, public key, endpoint, etc in the dump file:
-
Construct a valid Wireguard config based on the strings found. On the attacker's machine, connect to the Wireguard listener.
-
Ping/scan/connect to the other's services like RDP (3389), SSH (22), etc.
Impact
The operator's machine is impacted, if their services contain a vulnerability, an attacker can exploit it and gain RCE. If not then it could be used to gather information (Hostname, SSH signature, etc).
Suggestion
- Filter traffic between clients with a default-deny policy.
- Differentiate between operators and beacons' wireguard config/client
- Only allow specific one-way traffic when the operator request to open a Wireguard port forward.
Vulnerable versions
All versions containing wireguard functionality.
Ссылки
- https://github.com/BishopFox/sliver/security/advisories/GHSA-q8j9-34qf-7vq7
- https://nvd.nist.gov/vuln/detail/CVE-2025-27093
- https://github.com/BishopFox/sliver/commit/8e5c5f14506d6d60ebb3362e6b9857ab1e0d76ff
- https://github.com/BishopFox/sliver/commit/9122878cbbcae543eb8210f616550382af2065fd
- https://pkg.go.dev/vuln/GO-2025-4079
Пакеты
github.com/BishopFox/sliver
<= 1.5.43
1.5.44
github.com/bishopfox/sliver
< 1.5.44
1.5.44
Связанные уязвимости
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially enabling leaked or recovered keypairs to be used to attack operators or allowing port forwardings to be accessible from other implants.