HIGH🇬🇧 English

CVE-2023-25719

CVSS 8.8v3.1pub. 2023-02-13upd. 2025-06-19

ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. NOTE: this CVE Record is only about the parameters, such as the h parameter (this CVE Record is not about the separate issue of signed executable files that are supposed to have unique configurations across customers' installations).

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Connectwise Control

    APP
    Connectwise
    < 22.9.10032
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-25718CRITICAL9.8ten sam produkt

In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signe...

CVE-2019-16517CRITICAL9.8ten sam produkt

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a C...

CVE-2019-16514HIGH7.2ten sam produkt

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server a...

CVE-2019-16513HIGH8.8ten sam produkt

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be ...

CVE-2019-16515MEDIUM6.5ten sam produkt

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP...