Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sliver One-Click Remote Access: Insecure CORS & Unauthenticated MCP Interface
Vulnerability Description
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data (e.g. SSH keys, ntds.dit) or destroying the entire compromised infrastructure, entirely through the operator's own browser. This issue has been patched in version 1.7.4.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Sliver 安全漏洞
Vulnerability Description
Sliver是Bishop Fox开源的一个开源的跨平台对手模拟/红队框架。可以被各种规模的组织用来执行安全测试。 Sliver 1.7.4之前版本存在安全漏洞,该漏洞源于未经身份验证的攻击者可通过恶意链接控制C2会话,可能导致数据泄露或基础设施破坏。
CVSS Information
N/A
Vulnerability Type
N/A