CVE-2023-47257

ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution via crafted messages.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://web.archive.org/web/20240208140218/https://gotham-security.com/screenconnect-cve-2023-47256
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix	Vendor Advisory
https://web.archive.org/web/20240208140218/https://gotham-security.com/screenconnect-cve-2023-47256
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:connectwise:automate:-:::::::*
	cpe:2.3:a:connectwise:screenconnect::::::::

History

21 Nov 2024, 08:30

Type	Values Removed	Values Added
References	~~() https://web.archive.org/web/20240208140218/https://gotham-security.com/screenconnect-cve-2023-47256 -~~	() https://web.archive.org/web/20240208140218/https://gotham-security.com/screenconnect-cve-2023-47256 -
References	~~() https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix - Vendor Advisory~~	() https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix - Vendor Advisory

15 Feb 2024, 07:15

Type	Values Removed	Values Added
References		() https://web.archive.org/web/20240208140218/https://gotham-security.com/screenconnect-cve-2023-47256 -

07 Feb 2024, 14:17

Type	Values Removed	Values Added
References	~~() https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix -~~	() https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.8-security-fix - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1
First Time		Connectwise screenconnect Connectwise Connectwise automate
CWE		CWE-94
CPE		cpe:2.3:a:connectwise:screenconnect:::::::: cpe:2.3:a:connectwise:automate:-:::::::*

01 Feb 2024, 22:39

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-01 22:15

Updated : 2024-11-21 08:30

NVD link : CVE-2023-47257

Mitre link : CVE-2023-47257

CVE.ORG link : CVE-2023-47257

JSON object : View

Products Affected

connectwise

screenconnect
automate

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

8.1 /10