Lucene search

GoogleOSV:GO-2023-1866

HistoryAug 20, 2024 - 8:31 p.m.

Silver vulnerable to MitM attack against implants due to a cryptography vulnerability in github.com/bishopfox/sliver

2024-08-2020:31:35

Google

osv.dev

silver

implants

mitm

attack

vulnerability

cryptography

github

bishopfox

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

48.2%

JSON

Silver vulnerable to MitM attack against implants due to a cryptography vulnerability in github.com/bishopfox/sliver

References

github.com/advisories/GHSA-8jxm-xp43-qh3q

github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/crypto.go

github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/implant.go

github.com/BishopFox/sliver/commit/2d1ea6192cac2ff9d6450b2d96043fdbf8561516

github.com/BishopFox/sliver/releases/tag/v1.5.40

github.com/BishopFox/sliver/security/advisories/GHSA-8jxm-xp43-qh3q

github.com/tangent65536/Slivjacker

nvd.nist.gov/vuln/detail/CVE-2023-34758

nvd.nist.gov/vuln/detail/CVE-2023-35170

www.chtsecurity.com/news/04f41dcc-1851-463c-93bc-551323ad8091

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

48.2%

JSON

Related for OSV:GO-2023-1866