CVE-2023-25719 Information

Description

ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector.

Reference

https://www.connectwise.com https://cybir.com/2022/cve/hijacking-connectwise-control-and-ddos/