Vulnerability Information
Vulnerability Title
Sliver does not restrict traffic between WireGuard clients.
Vulnerability Description
Sliver is a command and control framework that uses a custom WireGuard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between WireGuard clients. This allows clients to communicate with each other without restriction, potentially enabling leaked or recovered keypairs to be used to attack operators or allowing port forwardings to be accessible from other implants.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
Improper Access Control
Vulnerability Title
Sliver Access Control Error Vulnerability
Vulnerability Description
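Sliver is an open-source, cross-platform adversary emulation/red team framework from Bishop Fox. It can be used by organizations of all sizes to perform security testing. Sliver versions 1.5.43 and earlier and version 1.6.0-dev contain an access control error vulnerability. The vulnerability stems from traffic between WireGuard clients being unrestricted, which may allow leaked or recovered keypairs to be used to attack operators, or allow other implants to access port forwardings.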
CVSS Information
N/A
Vulnerability Type
N/A