Vulnerability Details CVE-2019-3980
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.306
EPSS Ranking 96.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2019-3980
-
cpe:2.3:a:solarwinds:dameware_mini_remote_control:12.1.0.89