Lucene search

K

MitreCVELIST:CVE-2019-16517

HistoryJan 23, 2020 - 5:19 p.m.

CVE-2019-16517

2020-01-2317:19:23

mitre

www.cve.org

9.4 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.7%

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim’s knowledge.

References

blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34

know.bishopfox.com/advisories

know.bishopfox.com/advisories/connectwise-control

www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox

www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox

9.4 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.7%

Related for CVELIST:CVE-2019-16517

prion1 cve1 nvd1