September 25, 2023

ConnectWise, a remote management  platform  has patched a cross-site scripting) vulnerability that could lead to remote code execution. Threat actors could exploit it to take complete control of the ConnectWise platform.

“After testing and validating several attack vectors, we have found that in the case of the Page. Title resource, the user input validation is not being taken care of, leaving it vulnerable to a ‘Stored XSS’ exploitation, The user’s input is inserted directly, as is, in between the tags on any page of the web app” reads the Researchers statement.

This included the landing page for visitors, the admin login page and any of the internal admin pages. Any code maliciously inject in between the tags with some manipulations is executed as any other code in the context of the web app as if it was authored by the official owner of the service.

Advertisements

The  script executing from this context would give an attacker full control over any element of the web app, potentially altering elements on the page, as well as connection to the backend servers.

This can harm any potential visitor be used to abuse the hosting services itself allowing misuse of ConnectWise hosting, identity, and certificate to serve malicious code or gain full access to admin pages even after the trial period is over.

Researchers confirmed that they disclosed the vulnerability earlier this year, which ConnectWise promptly patched on August 8, 2022, in v22.6.

Tags:

Leave a Reply

You may have missed

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023

MGM Resorts and Ceasars Attacks – Lesson Learnt

September 23, 2023

CISA KEV Update September 2023 – Part II

September 23, 2023

Air Canada Reveals Data Exposure due to a Cyberattack

September 23, 2023

SandMan APT Group in action against Telcos

September 22, 2023
%d bloggers like this: