CVE-2021-33527

Опубликовано: 02 авг. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.

Ссылки

https://cert.vde.com/de-de/advisories/vde-2021-017
Third Party Advisory
https://cert.vde.com/de-de/advisories/vde-2021-017
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mbconnectline:mbdialup:*:*:*:*:*:*:*:*

Версия до 3.9r0.0 (включая)

EPSS

Процентиль: 91%

0.06378

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-hrmp-939q-g4mq

CVSS3: 7.8

github

больше 3 лет назад

In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM that won't be validated correctly and allows for an arbitrary code execution with the privileges of the service.

BDU:2021-05601