QID 590653

Date Published: 2022-01-06

QID 590653: MB connect line mbDIALUP Privilege escalation Vulnerability (VDE-2021-017)

mbDIALUP is a secure software client for establishing an encrypted connection to the machine network.

Affected Versions:
All versions less than or equal to 3.9.0.0

Fixed Version
Update to 3.9.0.5

QID Detection Logic (Authenticated):

QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys

Multiple Vulnerabilities in mbConnect24serv (a software service of mbDIALUP) can lead to arbitrary code execution due to improper privilege management.

CVSS V3 rated as High - 7.8 severity.

CVSS V2 rated as High - 7.2 severity.

Solution

Customers are advised to refer to CERT MITIGATIONS section VDE-2021-017 for affected packages and patching details.

Vendor References

VDE-2021-017 - cert.vde.com/de/advisories/VDE-2021-017/

CVEs related to QID 590653

CVE-2021-33526 | CVE-2021-33527 |

Software Advisories

Advisory ID	Software	Component	Link
VDE-2021-017			cert.vde.com/de/advisories/VDE-2021-017/

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].