CyberSec.Space Logo
Back to CVE Browser

CVE-2019-16513

HIGH
8.8
CVSS Severity Score
EPSS Score0.1890%
EPSS Percentile17.61th
PublishedJan 23, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.

Affected Platforms (CPE)

πŸ“¦
Connectwise

Control

= 19.3.25270.7185

References & Advisories

πŸ”— https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34
πŸ”— https://know.bishopfox.com/advisories
πŸ”— https://know.bishopfox.com/advisories/connectwise-control
πŸ”— https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox
πŸ”— https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox
πŸ”— https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34
πŸ”— https://know.bishopfox.com/advisories
πŸ”— https://know.bishopfox.com/advisories/connectwise-control

Related Vulnerabilities

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-186710.0

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypa...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-954810.0

Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.