Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2023-25719
HistoryFeb 13, 2023 - 12:00 a.m.

CVE-2023-25719

2023-02-1300:00:00
mitre
www.cve.org
connectwise control
parameter validation
reflected data
malicious code
denial-of-service

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. NOTE: this CVE Record is only about the parameters, such as the h parameter (this CVE Record is not about the separate issue of signed executable files that are supposed to have unique configurations across customers’ installations).

Related

cve 2
prion 2
nvd 2
cvelist 1
vulnrichment 1
cve
cve
CVE-2023-25719
2023-02-13 20:15:11
CVE-2023-25718
2023-02-13 20:15:11
prion
prion
Code injection
2023-02-13 20:15:00
Privilege escalation
2023-02-13 20:15:00
nvd
nvd
CVE-2023-25719
2023-02-13 20:15:11
CVE-2023-25718
2023-02-13 20:15:11
cvelist
cvelist
CVE-2023-25718
2023-02-13 00:00:00
vulnrichment
vulnrichment
CVE-2023-25718
2023-02-13 00:00:00

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON
Related for CVELIST:CVE-2023-25719
cve2prion2nvd2cvelist1vulnrichment1