Lucene search
PRIOn knowledge basePRION:CVE-2019-16517HistoryJan 23, 2020 - 6:15 p.m.
Code injection
2020-01-2318:15:00
PRIOn knowledge base
www.prio-n.com
1
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim’s knowledge.
| CPE | Name | Operator | Version |
|---|---|---|---|
| control | eq | 19.3.25270.7185 |
References
blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34
know.bishopfox.com/advisories
know.bishopfox.com/advisories/connectwise-control
www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox
www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox
Related
cve
cve
CVE-2019-16517
2020-01-23 18:15:13
nvd
nvd
CVE-2019-16517
2020-01-23 18:15:13
cvelist
cvelist
CVE-2019-16517
2020-01-23 17:19:23