Solarwinds Dameware Mini Remote Control vulnerabilities
7 known vulnerabilities affecting solarwinds/dameware_mini_remote_control.
Total CVEs
7
CISA KEV
0
Public exploits
3
Exploited in wild
1
Severity breakdown
CRITICAL2HIGH4MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2019-3980P1CRITICALCVSS 9.8ExploitedPoCv12.1.0.892019-10-08
CVE-2019-3980 [CRITICAL] CWE-346 CVE-2019-3980: The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.
nvd
CVE-2019-9017P2HIGHCVSS 7.5PoCv10.02019-05-02
CVE-2019-9017 [HIGH] CWE-787 CVE-2019-9017: DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the
DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.
nvd
CVE-2018-12897P3HIGHCVSS 7.8PoCfixed in 12.12018-09-07
CVE-2018-12897 [HIGH] CWE-119 CVE-2018-12897: SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.
nvd
CVE-2019-3957P3HIGHCVSS 7.4≤ 12.1.0.342019-06-07
CVE-2019-3957 [HIGH] CWE-20 CVE-2019-3957: Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer o
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information.
nvd
CVE-2021-31217P3CRITICALCVSS 9.1v12.0.1.2002021-07-13
CVE-2021-31217 [CRITICAL] CWE-276 CVE-2021-31217: In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file d
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.
nvd
CVE-2015-8220P3HIGHCVSS 7.5≤ 12.02015-11-17
CVE-2015-8220 [HIGH] CWE-119 CVE-2015-8220: Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Contr
Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline argument in a link.
nvd
CVE-2004-1852P4MEDIUMCVSS 5.0≥ 3.0, < 3.74≥ 4.0, < 4.22004-03-23
CVE-2004-1852 [MEDIUM] CWE-319 CVE-2004-1852: DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption ke
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.
nvd