CVE-2024-41111

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user. The exploit is pretty fun as we make the Sliver server pwn itself. As described in a past issue (#65), "there is a clear security boundary between the operator and server, an operator should not inherently be able to run commands or code on the server." An operator who exploited this vulnerability would be able to view all console logs, kick all other operators, view and modify files stored on the server, and ultimately delete the server. This issue has not yet be addressed but is expected to be resolved before the full release of version 1.6.0. Users of the 1.6.0 prerelease should avoid using Silver in production.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57
https://github.com/BishopFox/sliver/issues/65
https://github.com/BishopFox/sliver/pull/1281
https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8
https://sliver.sh/docs?name=Multi-player+Mode
https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57
https://github.com/BishopFox/sliver/issues/65
https://github.com/BishopFox/sliver/pull/1281
https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8
https://sliver.sh/docs?name=Multi-player+Mode

Configurations

No configuration.

History

21 Nov 2024, 09:32

Type	Values Removed	Values Added
References	~~() https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57 -~~	() https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57 -
References	~~() https://github.com/BishopFox/sliver/issues/65 -~~	() https://github.com/BishopFox/sliver/issues/65 -
References	~~() https://github.com/BishopFox/sliver/pull/1281 -~~	() https://github.com/BishopFox/sliver/pull/1281 -
References	~~() https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8 -~~	() https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8 -
References	~~() https://sliver.sh/docs?name=Multi-player+Mode -~~	() https://sliver.sh/docs?name=Multi-player+Mode -

19 Jul 2024, 13:01

Type	Values Removed	Values Added
Summary		(es) Sliver es un framework de trabajo de equipo rojo/emulación de adversario multiplataforma de código abierto que puede ser utilizado por organizaciones de todos los tamaños para realizar pruebas de seguridad. La versión 1.6.0 (prelanzamiento) de Sliver es vulnerable a RCE en el servidor de equipos por parte de un usuario "operador" con pocos privilegios. El RCE actúa como usuario raíz del sistema. El exploit es bastante divertido ya que hacemos que el servidor Sliver se utilice. Como se describió en una edición anterior (#65), "existe un límite de seguridad claro entre el operador y el servidor, un operador no debería poder ejecutar comandos o códigos en el servidor". Un operador que explotara esta vulnerabilidad podría ver todos los registros de la consola, expulsar a todos los demás operadores, ver y modificar archivos almacenados en el servidor y, en última instancia, eliminar el servidor. Este problema aún no se ha solucionado, pero se espera que se resuelva antes del lanzamiento completo de la versión 1.6.0. Los usuarios de la versión preliminar 1.6.0 deben evitar el uso de Silver en producción.

18 Jul 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-18 23:15

Updated : 2024-11-21 09:32

NVD link : CVE-2024-41111

Mitre link : CVE-2024-41111

CVE.ORG link : CVE-2024-41111

JSON object : View

Products Affected

No product.

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

7.2 /10