vulnerability

SolarWinds DameWare Mini Remote Control: Origin Validation Error (CVE-2019-3980)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Oct 8, 2019	Mar 4, 2021	Aug 5, 2021

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Oct 8, 2019

Added

Mar 4, 2021

Modified

Aug 5, 2021

Description

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.

Solution

solarwinds-dameware-mini-remote-control-upgrade-latest

References

CVE-2019-3980
https://attackerkb.com/topics/CVE-2019-3980
URL-https://www.tenable.com/security/research/tra-2019-43
URL-https://www.tenable.com/security/research/tra-227-43

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today