Solarwinds: >> Dameware Mini Remote Control Security Vulnerabilities
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.
CVSS Score
9.1
EPSS Score
0.004
Published
2021-07-13
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.
CVSS Score
9.8
EPSS Score
0.306
Published
2019-10-08
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information.
CVSS Score
7.4
EPSS Score
0.066
Published
2019-06-07
DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.
CVSS Score
7.5
EPSS Score
0.151
Published
2019-05-02
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-09-07
Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline argument in a link.
CVSS Score
7.5
EPSS Score
0.094
Published
2015-11-17
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.
CVSS Score
5.0
EPSS Score
0.003
Published
2004-03-23