Removed |
CVSS V3.1 |
GitHub, Inc. AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
Removed |
CWE |
GitHub, Inc. CWE-327
|
|
Changed |
Description |
Sliver is an open source cross-platform adversary emulation/red team framework. The cryptography implementation in Sliver up to and including version 1.5.39 allows a man in the middle (MitM) attack with access to the corresponding implant binary to execute arbitrary codes on implanted devices via intercepted and crafted responses. A successful attack grants the attacker permission to execute arbitrary code on the implanted device. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
** REJECT ** This CVE is a duplicate of another CVE.
|
Removed |
Reference |
https://github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/crypto.go [No Types Assigned]
|
|
Removed |
Reference |
https://github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/implant.go [No Types Assigned]
|
|
Removed |
Reference |
https://github.com/BishopFox/sliver/commit/2d1ea6192cac2ff9d6450b2d96043fdbf8561516 [No Types Assigned]
|
|
Removed |
Reference |
https://github.com/BishopFox/sliver/releases/tag/v1.5.40 [No Types Assigned]
|
|
Removed |
Reference |
https://github.com/BishopFox/sliver/security/advisories/GHSA-8jxm-xp43-qh3q [No Types Assigned]
|
|