NotCVE - vendor:"Connectwise" product:"Control" version:" <= 22.9.10032"

Page 2 of 11 results (0.003 seconds)

CVSS: 5.3EPSS: 9%CPEs: 2EXPL: 4

CVE-2019-16516 – ConnectWise Control 19.2.24707 - Username Enumeration

https://notcve.org/view.php?id=CVE-2019-16516

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username. Se detectó un problema en ConnectWise Control (anteriormente se conoce como ScreenConnect) versión 19.3.25270.7185. Se presenta una vulnerabilidad de enumeración de usuarios, permitiendo a un atacante no autenticado determinar con certeza si una cuenta existe para un nombre de usuario dado. ConnectWise Control version 19.2.24707 suffers from a username enumeration vulnerability. • https://www.exploit-db.com/exploits/50618 http://packetstormsecurity.com/files/165432/ConnectWise-Control-19.2.24707-Username-Enumeration.html https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34 https://know.bishopfox.com/advisories https://know.bishopfox.com/advisories/connectwise-control https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox https://www.crn.com/slide-shows/managed-services/connectwise-control-attack • CWE-203: Observable Discrepancy •

CVSS: 7.2EPSS: 8%CPEs: 1EXPL: 2

CVE-2019-16514

https://notcve.org/view.php?id=CVE-2019-16514

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server. Se detectó un problema en ConnectWise Control (anteriormente se conoce como ScreenConnect) versión 19.3.25270.7185. El servidor permite una ejecución de código remota. • https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34 https://know.bishopfox.com/advisories https://know.bishopfox.com/advisories/connectwise-control https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2019-16517

https://notcve.org/view.php?id=CVE-2019-16517

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge. Se detectó un problema en ConnectWise Control (anteriormente se conoce como ScreenConnect) versión 19.3.25270.7185. Se presenta una configuración inapropiada de CORS, que reflejó el Origen proporcionado por las peticiones entrantes. • https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34 https://know.bishopfox.com/advisories https://know.bishopfox.com/advisories/connectwise-control https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox • CWE-346: Origin Validation Error •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2019-16512

https://notcve.org/view.php?id=CVE-2019-16512

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier. Se detectó un problema en ConnectWise Control (anteriormente se conoce como ScreenConnect) versión 19.3.25270.7185. Se presenta una vulnerabilidad de tipo XSS almacenado en el modificador Appearance. • https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34 https://know.bishopfox.com/advisories https://know.bishopfox.com/advisories/connectwise-control https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2019-16513

https://notcve.org/view.php?id=CVE-2019-16513

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests. Se detectó un problema en ConnectWise Control (anteriormente se conoce como ScreenConnect) versión 19.3.25270.7185. Una vulnerabilidad de tipo CSRF puede ser usada para enviar peticiones de la API. • https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34 https://know.bishopfox.com/advisories https://know.bishopfox.com/advisories/connectwise-control https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox • CWE-352: Cross-Site Request Forgery (CSRF) •

1 2 3