NVD

Vulnerability Change Records for CVE-2023-35170

Action	Type	Old Value	New Value
Removed	CVSS V3.1	GitHub, Inc. AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Removed	CWE	GitHub, Inc. CWE-327
Changed	Description	Sliver is an open source cross-platform adversary emulation/red team framework. The cryptography implementation in Sliver up to and including version 1.5.39 allows a man in the middle (MitM) attack with access to the corresponding implant binary to execute arbitrary codes on implanted devices via intercepted and crafted responses. A successful attack grants the attacker permission to execute arbitrary code on the implanted device. Users are advised to upgrade. There are no known workarounds for this vulnerability.	REJECT This CVE is a duplicate of another CVE.
Removed	Reference	https://github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/crypto.go [No Types Assigned]
Removed	Reference	https://github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/implant.go [No Types Assigned]
Removed	Reference	https://github.com/BishopFox/sliver/commit/2d1ea6192cac2ff9d6450b2d96043fdbf8561516 [No Types Assigned]
Removed	Reference	https://github.com/BishopFox/sliver/releases/tag/v1.5.40 [No Types Assigned]
Removed	Reference	https://github.com/BishopFox/sliver/security/advisories/GHSA-8jxm-xp43-qh3q [No Types Assigned]