Executable File Vulnerability in ConnectWise Control by ConnectWise
CVE-2023-25718

9.8CRITICAL

Key Information:

Vendor: Connectwise
Status: Control
Vendor: CVE Published:; 13 February 2023

🔔 Create Connectwise Vulnerability Alert

What is CVE-2023-25718?

In recent versions of ConnectWise Control, specifically 22.9.10032, a vulnerability exists wherein after an executable file is signed, additional instructions can be appended to the file without invalidating the signature. This manipulation may result in end users being presented with a malicious executable file controlled by an attacker. Given that users might inadvertently allow the download and execution of this file, it poses a significant risk. While there are configuration options within ConnectWise Control that can mitigate these risks, users should remain vigilant and informed about the underlying behaviors of Authenticode code signing.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://cybir.com/2022/cve/connectwise-control-dns-spoofi...

https://www.connectwise.com/blog/cybersecurity/the-import...

https://m.youtube.com/watch?v=fbNVUgmstSc&pp=0gcJCf0Ao7Vq...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2023
Vulnerability Reserved
Feb 13, 2023

JSON

Connectwise

What is CVE-2023-25718?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.