Lucene search

[email protected]NVD:CVE-2023-47256

HistoryFeb 01, 2024 - 10:15 p.m.

CVE-2023-47256

2024-02-0122:15:55

CWE-287

[email protected]

web.nvd.nist.gov

connectwise screenconnect

vulnerability

security

23.8.4

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings

Affected configurations

Nvd

Node

connectwiseautomateMatch-

connectwisescreenconnectRange<23.8.5

VendorProductVersionCPE
connectwiseautomate-cpe:2.3:a:connectwise:automate:-:*:*:*:*:*:*:*
connectwisescreenconnect*cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
connectwise	automate	-	cpe:2.3:a:connectwise:automate:-:::::::*
connectwise	screenconnect	*	cpe:2.3:a:connectwise:screenconnect::::::::

References

web.archive.org/web/20240208140218/https://gotham-security.com/screenconnect-cve-2023-47256

www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.5

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-47256

vulnrichment1 prion1 cvelist1 cve1