CVE-2019-3980

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.

Published : 2019-10-08 20:15 Updated : 2019-10-15 16:13

10.0
CVSS Score More info
Score 10.0 / 10
10.0
Vendor Product Version URI
Solarwinds Dameware Mini Remote Control Firmware 12.1.0.89 cpe:/o:solarwinds:dameware_mini_remote_control_firmware:12.1.0.89
  1. Solarwinds (1) Search CVE
    1. Dameware Mini Remote Control Firmware (1) Search CVE
      1. 12.1.0.89

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2019-10-15 16:13
2019-10-08 20:30

New CVE