CVE-2021-33527
Summary
| CVE | CVE-2021-33527 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-02 11:15:00 UTC |
| Updated | 2022-04-29 17:47:00 UTC |
| Description | In MB connect line mbDIALUP versions <= 3.9R0.0, a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to arbitrary code execution with the privileges of the service. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mbconnectline | Mbdialup | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| MB connect line: Privilege escalation in mbDIALUP <= 3.9R0.0 | CONFIRM | cert.vde.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated.
Legacy QID Mappings
- 590653 MB connect line mbDIALUP Privilege escalation Vulnerability (VDE-2021-017)