CVE-2021-34546
Summary
| CVE | CVE-2021-34546 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-10 16:15:00 UTC |
| Updated | 2021-06-22 00:52:00 UTC |
| Description | An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via the "save log to file" feature. To accomplish this, the attacker can navigate to cmd.exe. |
Risk And Classification
Problem Types: CWE-287
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Windows IP Freeware NetSetMan: Network Settings Manager (LAN & WiFi) | MISC | www.netsetman.com | |
| Full Disclosure: secuvera-SA-2021-01: Privilege Escalation in NetSetMan Pro 4.7.2 | FULLDISC | seclists.org | |
| NetSetManPro 4.7.2 Privilege Escalation ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Sicherheitsberatung, Penetrationstests, BSI-Prüfstelle - secuvera GmbH | MISC | www.secuvera.de | |
| www.secuvera.de/advisories/secuvera-SA-2021-01.txt | MISC | www.secuvera.de | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.