10

CVE-2019-3980

Exploit

EPSS 40.91%
Veröffentlicht 08.10.2019 20:15:12
Zuletzt bearbeitet 21.11.2024 04:42:59
Quelle vulnreport@tenable.com
CVE-Watchlists
Login
Unerledigt
Login

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Solarwinds ≫ Dameware Mini Remote Control Version12.1.0.89

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	40.91%	0.972

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

https://www.tenable.com/security/research/tra-2019-43

Third Party Advisory

https://www.tenable.com/security/research/tra-227-43

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-3980

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-3980

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-3980

EUVD