Silver vulnerable to MitM attack against implants due to a cryptography vulnerability
Package
Affected versions
>= 1.5.0, < 1.5.40
Patched versions
1.5.40
Description
Published to the GitHub Advisory Database
Jun 21, 2023
Reviewed
Jun 21, 2023
Published by the National Vulnerability Database
Jun 26, 2023
Last updated
Nov 18, 2024
Summary
The current cryptography implementation in Sliver up to version 1.5.39 allows a MitM with access to the corresponding implant binary to execute arbitrary codes on implanted devices via intercepted and crafted responses. (Reserved CVE ID: CVE-2023-34758)
Details
Please see the PoC repo.
PoC
Please also see the PoC repo.
To setup a simple PoC environment,
notepad.exe
window should pop up on the implanted VM.Impact
A successful attack grants the attacker permission to execute arbitrary code on the implanted device.
References
https://github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/implant.go
https://github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/crypto.go
https://github.com/tangent65536/Slivjacker
Credits
Ting-Wei Hsieh from CHT Security Co. Ltd.
References