361 matches found
CVE-2025-11493
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...
CVE-2025-11492
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...
EUVD-2025-34826
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...
EUVD-2025-34827
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...
CVE-2025-11493
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...
CVE-2025-11493
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...
CVE-2025-11492
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...
CVE-2025-11492
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...
CVE-2025-11493 Self-Update Verification Mechanism Process in ConnectWise Automate
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...
CVE-2025-11493 Self-Update Verification Mechanism Process in ConnectWise Automate
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...
CVE-2025-11492
CVE-2025-11492 concerns the ConnectWise Automate Agent where communications could default to HTTP instead of HTTPS, enabling a man‑in‑the‑middle attacker to intercept, modify, or replay agent–server traffic. The issue is tied to insecure transport, with mitigation in Automate 2025.9: all agent co...
CVE-2025-11492 HTTP Configuration and Encryption in Transit
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...
PT-2025-42523
Name of the Vulnerable Software and Affected Versions ConnectWise Automate versions prior to 2025.9 Description The ConnectWise Automate Agent allows for configuration using HTTP instead of HTTPS. This configuration enables a man-in-the-middle attacker to intercept, modify, or replay agent-server...
ConnectWise Automate Agent 安全漏洞
ConnectWise Automate Agent is a remote monitoring and management software from ConnectWise USA. A security vulnerability exists in ConnectWise Automate Agent that stems from not fully verifying the authenticity of files downloaded from a server, which could lead to a man-in-the-middle attack...
ConnectWise Automate Agent 安全漏洞
ConnectWise Automate Agent is a remote monitoring and management software from ConnectWise USA. A security vulnerability exists in ConnectWise Automate Agent that stems from an improper configuration that allows the use of the HTTP protocol, which could lead to a man-in-the-middle attacker...
EUVD-2021-21710
Malware in sbrugna...
EUVD-2020-7155
Malware in sbrugna...
EUVD-2017-3336
Malware in sbrugna...
EUVD-2021-19422
Malware in sbrugna...
EUVD-2019-7192
Malware in sbrugna...