cbcvebase.

Idrive Remotepc vulnerabilities

6 known vulnerabilities affecting idrive/remotepc.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2LOW1

Vulnerabilities

Page 1 of 1
CVE-2021-34690P2CRITICALCVSS 9.8fixed in 7.6.482021-07-15
CVE-2021-34690 [CRITICAL] CWE-287 CVE-2021-34690: iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 5970 and 5980.
nvd
CVE-2021-34692P3HIGHCVSS 7.8fixed in 7.6.482021-07-15
CVE-2021-34692 [HIGH] CWE-829 CVE-2021-34692: iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged use iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges.
nvd
CVE-2021-34691P3HIGHCVSS 7.5fixed in 4.0.12021-07-15
CVE-2021-34691 [HIGH] CVE-2021-34691: iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacke iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port.
nvd
CVE-2021-34689P4MEDIUMCVSS 5.5fixed in 7.6.482021-07-15
CVE-2021-34689 [MEDIUM] CWE-532 CVE-2021-34689: iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated atta iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files.
nvd
CVE-2021-34687P4MEDIUMCVSS 5.3fixed in 7.6.482021-07-15
CVE-2021-34687 [MEDIUM] CWE-327 CVE-2021-34687: iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can reco iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher.
nvd
CVE-2021-34688P4LOWCVSS 3.3fixed in 7.6.482021-07-15
CVE-2021-34688 [LOW] CWE-798 CVE-2021-34688: iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated atta iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker.
nvd
Idrive Remotepc vulnerabilities | cvebase