FortiClient Vulnerability

Solarwinds DameWare Mini Remote Control Arbitrary Code Execution Vulnerability

Description

In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM. In version 12.1.0.89 remote attackers can request smart card login and upload and execute an arbitrary exeutable run under the Local System account. Versions prior to 12.1.0.34 contain remote buffer over-read and buffer overflow vulnerabilities.

Affected Applications

Solarwinds DameWare Mini Remote Control

CVE References

CVE-2021-31217 CVE-2019-3980 CVE-2019-3957 CVE-2018-12897

Other References

https://documentation.solarwinds.com/en/success_center/dameware/content/release_notes/dameware_12-2_release_notes.htm

ID	2392
Created	Sep 21, 2023
Description Updated	Sep 21, 2023
Risk
Coverage	FortiClient
OS	Windows
Vendor	Solarwinds
Patch	manual
Application	Solarwinds DameWare Mini Remote Control

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiClient Vulnerability

Solarwinds DameWare Mini Remote Control Arbitrary Code Execution Vulnerability

Description

Affected Applications

CVE References

Other References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

FortiClient Vulnerability

Solarwinds DameWare Mini Remote Control Arbitrary Code Execution Vulnerability

Description

Affected Applications

CVE References

Other References

Threat Intelligence
Center