CVE-2023-35170 Information
Description
Sliver is an open source cross-platform adversary emulation/red team framework. The cryptography implementation in Sliver up to and including version 1.5.39 allows a man in the middle (MitM) attack with access to the corresponding implant binary to execute arbitrary codes on implanted devices via intercepted and crafted responses. A successful attack grants the attacker permission to execute arbitrary code on the implanted device. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Reference
https://github.com/BishopFox/sliver/commit/2d1ea6192cac2ff9d6450b2d96043fdbf8561516 https://github.com/BishopFox/sliver/releases/tag/v1.5.40 https://github.com/BishopFox/sliver/security/advisories/GHSA-8jxm-xp43-qh3q https://github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/crypto.go https://github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/implant.go
Share on: