← Zuruck zu CVEs
CVE-2019-3980
CRITICAL9.8
Beschreibung
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht10/8/2019
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
solarwinds:dameware_mini_remote_control
Schwachen (CWE)
CWE-346
Referenzen
https://www.tenable.com/security/research/tra-2019-43(vulnreport@tenable.com)
https://www.tenable.com/security/research/tra-227-43(vulnreport@tenable.com)
https://www.tenable.com/security/research/tra-2019-43(af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/research/tra-227-43(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.