CVE-2023-47256

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-47256
ConnectWise ScreenConnect through 23.8.4 allows local users to connect to arbitrary relay servers via implicit trust of proxy settings

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://web.archive.org/web/20240208140218/https://gotham-security.com/screenconnect-cve-2023-47256
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:connectwise:automate:-:*:*:*:*:*:*:*
cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*
History

15 Feb 2024, 07:15

Type Values Removed Values Added
References
  • () https://web.archive.org/web/20240208140218/https://gotham-security.com/screenconnect-cve-2023-47256 -

07 Feb 2024, 17:15

Type Values Removed Values Added
CPE cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*
cpe:2.3:a:connectwise:automate:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE CWE-287
References () https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix - () https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix - Vendor Advisory
First Time Connectwise
Connectwise screenconnect
Connectwise automate
Summary
  • (es) ConnectWise ScreenConnect hasta 23.8.4 permite a los usuarios locales conectarse a servidores de retransmisión arbitrarios mediante la confianza implícita en la configuración del proxy

01 Feb 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-01 22:15

Updated : 2024-02-15 07:15

NVD link : CVE-2023-47256

Mitre link : CVE-2023-47256

CVE.ORG link : CVE-2023-47256

JSON object : View

Products Affected

connectwise

  • screenconnect
  • automate
CWE
CWE-287

Improper Authentication