CVE-2023-51842

7.5 HIGH

📋 TL;DR

CVE-2023-51842 is an algorithm-downgrade vulnerability in MeshCentral 1.1.16 that allows an attacker positioned on the network path to force a connection onto weaker cryptographic algorithms than both endpoints support, weakening the confidentiality and integrity of the session. It affects all deployments running the vulnerable version of the MeshCentral server software. The vulnerability stems from improper handling of cryptographic algorithm negotiation.

💻 Affected Systems

Products:
  • Ylianst MeshCentral
Versions: Version 1.1.16 specifically
Operating Systems: All platforms running MeshCentral
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of MeshCentral 1.1.16 are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could intercept and decrypt sensitive communications, perform man-in-the-middle attacks, and potentially gain unauthorized access to managed systems.

🟠 Likely Case: Attackers downgrade encryption to weaker algorithms, enabling eavesdropping on administrative sessions and sensitive data transmission.

🟢 If Mitigated: With proper network segmentation and monitoring, impact is limited to potential information disclosure within isolated segments.

🌐 Internet-Facing: HIGH - Internet-facing MeshCentral servers are directly exposed to algorithm-downgrade attacks from any remote attacker.
🏢 Internal Only: MEDIUM - Internal servers are still vulnerable to internal threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the MeshCentral server but no authentication. A public proof-of-concept demonstrates the downgrade attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 1.1.16

Vendor Advisory: https://github.com/Ylianst/MeshCentral/tree/master

Restart Required: Yes

Instructions:

1. Back up the current MeshCentral configuration.
2. Update MeshCentral to the latest version using npm update.
3. Restart the MeshCentral service.
4. Verify that the installed version is no longer 1.1.16.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate the MeshCentral server from untrusted networks.

TLS Enforcement (applies to: all)

Configure MeshCentral to require TLS 1.2 or later and strong cipher suites only: edit the MeshCentral config.json to set 'tlsOptions' with minVersion: 'TLSv1.2' and a list of secure cipher suites.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure of the MeshCentral server
  • Monitor for unusual connection patterns and for cryptographic negotiation failures

🔍 How to Verify

Check if Vulnerable:

Check the MeshCentral version in the web interface or via the 'npm list meshcentral' command. If the version is exactly 1.1.16, the system is vulnerable.

Check Version:

npm list meshcentral | grep meshcentral

Verify Fix Applied:

Verify that the installed version is greater than 1.1.16 and test that connections can no longer be negotiated down to weak algorithms.

📡 Detection & Monitoring

Log Indicators:

  • Unusual connection patterns
  • Failed cryptographic handshakes
  • Downgrade negotiation attempts

Network Indicators:

  • Unexpected algorithm negotiation patterns
  • Connections using weak ciphers

SIEM Query:

source="meshcentral" AND (event="handshake_failure" OR cipher="*RC4*" OR cipher="*DES*" OR cipher="*3DES*")
