Lucene search

MitreCVE-2023-34758

HistoryAug 28, 2023 - 12:15 p.m.

CVE-2023-34758

2023-08-2812:15:09

CWE-327

mitre

web.nvd.nist.gov

cve-2023-34758

sliver

v1.5.x

v1.5.39

cryptographic implementation

man-in-the-middle attack

nvd

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

48.2%

JSON

Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses.

Affected configurations

Nvd

Node

bishopfoxsliverRange1.5.0–1.5.40

VendorProductVersionCPE
bishopfoxsliver*cpe:2.3:a:bishopfox:sliver:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bishopfox	sliver	*	cpe:2.3:a:bishopfox:sliver::::::::

References

github.com/advisories/GHSA-8jxm-xp43-qh3q

github.com/BishopFox/sliver/releases/tag/v1.5.40

github.com/tangent65536/Slivjacker

www.chtsecurity.com/news/04f41dcc-1851-463c-93bc-551323ad8091

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

48.2%

JSON

Related for CVE-2023-34758