CHT Security Blue Team Discovered a MitM Command Injection Vulnerability in an Open-Source Red-Team Penetration Testing Framework (CVE-2023-34758)

CVSS v3.0: 8.1/10

Affected Versions: >= 1.5.0, < 1.5.40

Abstract:
   A flaw was discovered in the ECDH key-exchange protocol of an open-source C2 framework, affecting versions up to 1.5.39. An attacker positioned as a man-in-the-middle who also holds a copy of an implant binary can hijack the connection between that implant and its C2 server and go on to execute arbitrary code on the implanted host.

Details:
   The flawed ECDH key-exchange implementation in the C2 uses static private and public keys, both embedded in the implant executable, to derive the shared secret. Because the private key ships inside the binary, anyone who obtains a copy of the implant can derive the same shared secret the framework uses to establish its secure connections. A man-in-the-middle can use this to recover the encryption keys from the corresponding implant's traffic, decrypt it, and forge valid encrypted data streams, which lets the attacker execute arbitrary code on the implanted device.
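   The following Go program is an added illustration of the weakness described above; it is not the framework's code and does not reproduce its actual protocol, key layout, KDF or cipher, all of which are assumptions here (X25519 for the ECDH step, SHA-256 as a stand-in KDF, AES-256-GCM for the data stream, and a constructed "run: whoami" task). It builds an implant two ways: a "static" build that carries the implant's ECDH private key alongside the server's public key, and a build that generates a fresh key pair per session. An attacker holding a copy of the binary recomputes the session key in the first case and produces a task the implant accepts; in the second case the binary contains nothing secret and the forged task fails authentication.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// ImplantBinary models the key material anyone can lift from an implant
// executable. The server's static public key is legitimately embedded in
// either design; the flaw modelled here is that, in the "static" build, the
// implant's own ECDH private key is a fixed value compiled in as well.
// Constructed model for illustration, not the framework's code or key layout.
type ImplantBinary struct {
	ServerPub   *ecdh.PublicKey
	ImplantPriv *ecdh.PrivateKey // non-nil only in the flawed static-key build
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdh.PrivateKey { return must(ecdh.X25519().GenerateKey(rand.Reader)) }

// BuildImplant mimics compiling an implant; static=true reproduces the flaw.
func BuildImplant(serverPub *ecdh.PublicKey, static bool) ImplantBinary {
	bin := ImplantBinary{ServerPub: serverPub}
	if static {
		bin.ImplantPriv = newKey() // same value in every copy of this build
	}
	return bin
}

// deriveKey is ECDH followed by a KDF stand-in (assumption: the advisory does
// not describe the real protocol's KDF or cipher).
func deriveKey(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) []byte {
	k := sha256.Sum256(must(priv.ECDH(pub)))
	return k[:]
}

func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// seal encrypts with AES-256-GCM, nonce prepended; open is its inverse and
// reports an authentication failure as an error.
func seal(key, plaintext []byte) []byte {
	gcm := aead(key)
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func open(key, msg []byte) ([]byte, error) {
	gcm := aead(key)
	if n := gcm.NonceSize(); len(msg) >= n {
		return gcm.Open(nil, msg[:n], msg[n:], nil)
	}
	return nil, fmt.Errorf("message too short")
}

// ImplantSession is the implant side of the exchange: the session key it will
// use and the public key it sends to the server. In the flawed build both are
// identical in every session, because the private key never changes.
func ImplantSession(bin ImplantBinary) ([]byte, *ecdh.PublicKey) {
	priv := bin.ImplantPriv
	if priv == nil { // fixed design: a fresh key pair for every session
		priv = newKey()
	}
	return deriveKey(priv, bin.ServerPub), priv.PublicKey()
}

// AttackerForge is a MitM holding a copy of the implant binary who builds a
// task for the implant. With a static private key in the binary the attacker
// simply recomputes the implant's own session key.
func AttackerForge(bin ImplantBinary, task []byte) []byte {
	priv := bin.ImplantPriv
	if priv == nil {
		// Nothing secret in the binary: the best available move is a key of
		// the attacker's own, whose shared secret the implant does not hold.
		priv = newKey()
	}
	return seal(deriveKey(priv, bin.ServerPub), task)
}

// Demo runs one session under either design and reports whether the implant
// accepted the forged task. It first checks that the legitimate server and
// implant agree on the key, so both designs are compared on a working channel.
func Demo(static bool) (forgeAccepted bool, err error) {
	serverPriv := newKey()
	bin := BuildImplant(serverPriv.PublicKey(), static)
	implantKey, implantPub := ImplantSession(bin)
	if !bytes.Equal(implantKey, deriveKey(serverPriv, implantPub)) {
		return false, fmt.Errorf("legitimate peers disagree on the session key")
	}
	_, err = open(implantKey, AttackerForge(bin, []byte("run: whoami"))) // constructed task
	return err == nil, nil // nil error: the implant accepted the forgery
}

func main() {
	for _, static := range []bool{true, false} {
		ok, err := Demo(static)
		fmt.Printf("static implant key=%v forged task accepted=%v err=%v\n", static, ok, err)
	}
}
```

   Running it prints that the forged task is accepted only for the static build. Note what the per-session key pair does and does not fix: it removes the private key from the binary, so a copy of the implant no longer yields the session secret, but the server still has to establish that the ephemeral public key it receives came from a genuine implant, and that authentication step is outside this example.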

Mitigation:
 Update the framework to version 1.5.40 or newer.

References:
https://github.com/advisories/GHSA-8jxm-xp43-qh3q