CVE-2023-38354

8.1 HIGH

📋 TL;DR

MiniTool Shadow Maker version 4.1 has an insecure installation process that is vulnerable to man-in-the-middle attacks: an attacker on the network path can intercept and modify the installation files and achieve remote code execution. This affects all users who install or update the software over untrusted networks. The root cause is improper certificate validation during download.

💻 Affected Systems

Products:
  • MiniTool Shadow Maker
Versions: Version 4.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists during installation/update process when downloading over HTTP or improperly validated HTTPS connections.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining administrative privileges, installing persistent malware, stealing sensitive data, and pivoting to other systems on the network.

🟠 Likely Case

Attacker gains initial foothold on victim system, potentially leading to ransomware deployment, credential theft, or data exfiltration.

🟢 If Mitigated

Attack prevented through proper network segmentation, certificate validation, or offline installation methods.

🌐 Internet-Facing: HIGH - Installation downloads from internet sources are vulnerable to interception by network-based attackers.
🏢 Internal Only: MEDIUM - Risk exists if attackers have internal network access or can intercept internal traffic.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires network position to intercept traffic; exploit tools for similar MITM attacks are widely available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check MiniTool website for updated version
2. Uninstall vulnerable version 4.1
3. Download latest version from official source
4. Verify digital signature before installation

🔧 Temporary Workarounds

Use offline installation (platform: windows)

Download the installation package from a trusted source and verify its hash/signature before installing offline:

certutil -hashfile ShadowMakerSetup.exe SHA256

Network segmentation (platform: all)

Install software only on isolated, trusted networks to prevent MITM attacks
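The hash check above and step 4 of the official-fix instructions ("verify digital signature before installation") can be combined into one pre-install gate. The following PowerShell function is an added example, not code from this advisory or from MiniTool; it assumes the installer sits at the given path and that the expected SHA-256 value and the expected signer name are obtained out-of-band from the vendor (both are placeholders here).

```powershell
# Added example: verify a downloaded installer before running it.
# Not from the advisory or the vendor. $ExpectedSha256 and $ExpectedPublisher
# are placeholders that must be replaced with values published by the vendor
# over a trusted channel (not the same possibly-intercepted download).

function Test-InstallerIntegrity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,    # vendor-published hash
        [Parameter(Mandatory)] [string] $ExpectedPublisher  # substring of the signer's subject, e.g. the vendor CN
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Installer not found: $Path"
    }

    # 1. Hash check (same result as `certutil -hashfile <file> SHA256`),
    #    compared case-insensitively against the vendor-published value.
    $actualHash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk = $actualHash -ieq $ExpectedSha256

    # 2. Authenticode check: 'Valid' means the signature verifies, the file is
    #    unmodified since signing, and the certificate chains to a trusted root.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $sigOk = $sig.Status -eq 'Valid'

    # 3. Signer identity: a valid signature from an unexpected publisher is
    #    still a failure (a MITM attacker can sign with their own certificate).
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $publisherOk = $sigOk -and ($subject -like "*$ExpectedPublisher*")

    [pscustomobject]@{
        Path            = $Path
        Sha256          = $actualHash
        HashMatches     = $hashOk
        SignatureStatus = $sig.Status
        Signer          = $subject
        PublisherOk     = $publisherOk
        SafeToInstall   = ($hashOk -and $sigOk -and $publisherOk)
    }
}

# Usage with placeholder values (replace before use):
$result = Test-InstallerIntegrity -Path '.\ShadowMakerSetup.exe' `
    -ExpectedSha256 '<SHA256 published by the vendor>' `
    -ExpectedPublisher '<vendor CN from the vendor code-signing certificate>'
$result | Format-List
if (-not $result.SafeToInstall) {
    Write-Warning 'Installer failed integrity or signature checks; do not run it.'
}
```

All three checks must pass before the installer is launched: the hash alone only proves the file matches what the vendor published if the expected value came from a separate trusted channel, and a valid Authenticode signature alone does not prove the signer is the vendor, which is why the signer subject is checked as well.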

🧯 If You Can't Patch

  • Discontinue use of MiniTool Shadow Maker version 4.1 and switch to alternative backup software
  • Implement strict network monitoring and egress filtering to detect suspicious installation traffic

🔍 How to Verify

Check if Vulnerable:

Check installed version: Open MiniTool Shadow Maker → Help → About. If version is 4.1, system is vulnerable.

Check Version:

wmic product where name="MiniTool Shadow Maker" get version

Verify Fix Applied:

Verify that the installed version is newer than 4.1 and that the installation source was reached over HTTPS with proper certificate validation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual network connections during software installation
  • Failed certificate validation events
  • Process creation from unexpected installation paths

Network Indicators:

  • HTTP traffic to software download servers
  • SSL/TLS interception attempts
  • Unusual download patterns for installation files

SIEM Query:

source="*install*" AND (http OR https) AND ("MiniTool" OR "Shadow Maker")
