CVE Vulnerability
CVE-2019-16514
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server.
References
| Link | Resource |
|---|---|
| https://know.bishopfox.com/advisories | Third Party Advisory |
| https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox | Third Party Advisory |
| https://know.bishopfox.com/advisories/connectwise-control | Exploit Third Party Advisory |
| https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox | Third Party Advisory |
| https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34 | Exploit Third Party Advisory |
Configurations
Configuration 1
|
Information
Published : 2020-01-23 06:15
Updated : 2020-01-28 02:42
NVD link : CVE-2019-16514
Mitre link : CVE-2019-16514
Products Affected
No products.
CWE