← Back to CVEs
CVE-2019-3980
CRITICAL9.8
Description
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published10/8/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
solarwinds:dameware_mini_remote_control
Weaknesses (CWE)
CWE-346
References
https://www.tenable.com/security/research/tra-2019-43(vulnreport@tenable.com)
https://www.tenable.com/security/research/tra-227-43(vulnreport@tenable.com)
https://www.tenable.com/security/research/tra-2019-43(af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/research/tra-227-43(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.