Описание
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server.
Ссылки
- https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:connectwise:control:19.3.25270.7185:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08954
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server.
EPSS
Процентиль: 92%
0.08954
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-434