Vulnerability Details CVE-2019-3980
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.409
EPSS Ranking 97.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2019-3980
-
cpe:2.3:a:solarwinds:dameware_mini_remote_control:12.1.0.89