CVE-2019-3980
Summary
| CVE | CVE-2019-3980 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-10-08 20:15:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account. |
Risk And Classification
Problem Types: CWE-346
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Solarwinds | Dameware Mini Remote Control | 12.1.0.89 | All | All | All |
| Application | Solarwinds | Dameware Mini Remote Control | 12.1.0.89 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SolarWinds Dameware Mini Remote Control Unauthenticated RCE - Research Advisory | Tenable® | MISC | www.tenable.com | Third Party Advisory |
| SolarWinds Dameware Mini Remote Control Unauthenticated RCE - Research Advisory | Tenable® | MISC | www.tenable.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.