CVE-2023-35170 in sliverinformation

Résumé

par MITRE • 26/06/2023

Sliver is an open source cross-platform adversary emulation/red team framework. The cryptography implementation in Sliver up to and including version 1.5.39 allows a man in the middle (MitM) attack with access to the corresponding implant binary to execute arbitrary codes on implanted devices via intercepted and crafted responses. A successful attack grants the attacker permission to execute arbitrary code on the implanted device. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Be aware that VulDB is the high quality source for vulnerability data.

Divulgation

26/06/2023

Modérer

accepté

Entrée

VDB-232105

CPE

prêt

EPSS

0.00588

KEV

non

Activités

très faible

Sources

Do you know our Splunk app?

Download it now for free!