CVE-2023-25718 - Vulnerability Details - OpenCVE

ReportizFlow

In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations. NOTE: this may overlap CVE-2023-25719. NOTE: the vendor's position is that this purported vulnerability represents a "fundamental lack of understanding of Authenticode code signing behavior."

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Connectwise	Control

Configuration 1 [-]

cpe:2.3:a:connectwise:control:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc/
https://www.connectwise.com
https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures
https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-02-13T00:00:00

Updated: 2024-08-02T11:32:11.396Z

Reserved: 2023-02-13T00:00:00

Link: CVE-2023-25718

Vulnrichment

Updated: 2024-08-02T11:32:11.396Z

NVD

Status : Modified

Published: 2023-02-13T20:15:11.040

Modified: 2024-11-21T07:49:59.913

Link: CVE-2023-25718

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-25718", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T11:32:11.396Z", "dateReserved": "2023-02-13T00:00:00", "datePublished": "2023-02-13T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-22T17:38:25.447673"}, "descriptions": [{"lang": "en", "value": "In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations. NOTE: this may overlap CVE-2023-25719. NOTE: the vendor's position is that this purported vulnerability represents a \"fundamental lack of understanding of Authenticode code signing behavior.\""}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.connectwise.com"}, {"url": "https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc/"}, {"url": "https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity"}, {"url": "https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25718", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-22T15:04:00.656149Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:18:47.046Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:32:11.396Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.connectwise.com", "tags": ["x_transferred"]}, {"url": "https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc/", "tags": ["x_transferred"]}, {"url": "https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity", "tags": ["x_transferred"]}, {"url": "https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.connectwise.com", "tags": ["x_transferred"]}, {"url": "https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc/", "tags": ["x_transferred"]}, {"url": "https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity", "tags": ["x_transferred"]}, {"url": "https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:32:11.396Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25718", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-22T15:04:00.656149Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-24T22:23:36.875Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.connectwise.com"}, {"url": "https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc/"}, {"url": "https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity"}, {"url": "https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures"}], "descriptions": [{"lang": "en", "value": "In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations. NOTE: this may overlap CVE-2023-25719. NOTE: the vendor's position is that this purported vulnerability represents a \"fundamental lack of understanding of Authenticode code signing behavior.\""}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-22T17:38:25.447673"}}}, "cveMetadata": {"cveId": "CVE-2023-25718", "state": "PUBLISHED", "dateUpdated": "2024-08-02T11:32:11.396Z", "dateReserved": "2023-02-13T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-02-13T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:connectwise:control:*:*:*:*:*:*:*:*", "matchCriteriaId": "E662D8E7-CE49-4030-91E7-8D132A25F9C5", "versionEndIncluding": "22.9.10032", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations. NOTE: this may overlap CVE-2023-25719. NOTE: the vendor's position is that this purported vulnerability represents a \"fundamental lack of understanding of Authenticode code signing behavior.\""}, {"lang": "es", "value": "En ConnectWise Control hasta 22.9.10032 (anteriormente conocido como ScreenConnect), despu\u00e9s de firmar un archivo ejecutable, se pueden agregar instrucciones adicionales sin invalidar la firma, como instrucciones que dan como resultado ofrecer al usuario final un archivo ejecutable (diferente) controlado por el atacante. Es posible que el usuario final permita que se realice la descarga y ejecuci\u00f3n de este archivo. Hay opciones de configuraci\u00f3n de ConnectWise Control que agregan mitigaciones. NOTA: esto puede superponerse a CVE-2023-25719. NOTA: la posici\u00f3n del proveedor es que esta supuesta vulnerabilidad representa una \"falta fundamental de comprensi\u00f3n del comportamiento de firma del c\u00f3digo Authenticode\"."}], "id": "CVE-2023-25718", "lastModified": "2024-11-21T07:49:59.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-02-13T20:15:11.040", "references": [{"source": "[email protected]", "tags": ["Not Applicable"], "url": "https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc/"}, {"source": "[email protected]", "tags": ["Product"], "url": "https://www.connectwise.com"}, {"source": "[email protected]", "url": "https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures"}, {"source": "[email protected]", "url": "https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://cybir.com/2022/cve/connectwise-control-dns-spoofing-poc/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.connectwise.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.connectwise.com/blog/cybersecurity/the-importance-of-responsible-security-disclosures"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "[email protected]", "type": "Primary"}]}