CVE-2023-25718
https://notcve.org/view.php?id=CVE-2023-25718
In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations. NOTE: this may overlap CVE-2023-25719. NOTE: the vendor's position is that this purported vulnerability represents a "fundamental lack of understanding of Authenticode code signing behavior." • https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc https://www.connectwise.com https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2023-25719
https://notcve.org/view.php?id=CVE-2023-25719
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. NOTE: this CVE Record is only about the parameters, such as the h parameter (this CVE Record is not about the separate issue of signed executable files that are supposed to have unique configurations across customers' installations). • https://cybir.com/2022/cve/hijacking-connectwise-control-and-ddos https://www.connectwise.com https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2019-16516 – ConnectWise Control 19.2.24707 - Username Enumeration
https://notcve.org/view.php?id=CVE-2019-16516
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username. Se detectó un problema en ConnectWise Control (anteriormente se conoce como ScreenConnect) versión 19.3.25270.7185. Se presenta una vulnerabilidad de enumeración de usuarios, permitiendo a un atacante no autenticado determinar con certeza si una cuenta existe para un nombre de usuario dado. ConnectWise Control version 19.2.24707 suffers from a username enumeration vulnerability. • https://www.exploit-db.com/exploits/50618 http://packetstormsecurity.com/files/165432/ConnectWise-Control-19.2.24707-Username-Enumeration.html https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34 https://know.bishopfox.com/advisories https://know.bishopfox.com/advisories/connectwise-control https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox https://www.crn.com/slide-shows/managed-services/connectwise-control-attack • CWE-203: Observable Discrepancy •
CVE-2014-3857 – Kerio Control 8.3.1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2014-3857
Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php. Múltiples vulnerabilidades de inyección SQL en Kerio Control Statistics en Kerio Control (anteriormente WinRoute Firewall) anterior a 8.3.2 permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro (1) x_16 o (2) x_17 en print.php. Kerio Control versions 8.3.1 and below suffer from a boolean-based blind remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/33954 http://fereidani.com/articles/show/76_kerio_control_8_3_1_boolean_based_blind_sql_injection http://osvdb.org/show/osvdb/108584 http://packetstormsecurity.com/files/127320/Kerio-Control-8.3.1-Blind-SQL-Injection.html http://secunia.com/advisories/59215 http://www.exploit-db.com/exploits/33954 http://www.kerio.com/support/kerio-control/release-history http://www.securityfocus.com/archive/1/532607/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •