
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Jul 2024 — Sliver is an open source cross-platform adversary emulation/red team framework; it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user. The exploit is pretty fun as we make the Sliver server pwn itself. As described in a past issue (#65), "there is a clear security boundary between the operator and server, an operator should not inherently be abl... • https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Aug 2023 — Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses. • https://github.com/BishopFox/sliver/releases/tag/v1.5.40 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm