Sliver Allows Authenticated Operator-to-Server Remote Code Execution

Description Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user. Impact As described in a past issue, "there is a clear security boundary between the operator and server, an operator should not inherently b...

PT-2024-29267 · Sliver · Sliver

Name of the Vulnerable Software and Affected Versions: Sliver version 1.6.0 prerelease Sliver versions prior to 1.6.0 Description: Sliver is an open source cross-platform adversary emulation/red team framework that can be used by organizations of all sizes to perform security testing. It is...