Description

An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present.

Related CPE's

a

mremoteng

mremoteng

1.76.20

Vulnerable

References

https://github.com/NyaMeeEain/Infrastructure-Assessment/blob/master/Privilege%20Escalation/Common%20Windows%20Privilege%20Escalation.md

Not Applicable

https://github.com/mRemoteNG/mRemoteNG/issues/2338

https://packetstormsecurity.com/files/170794/mRemoteNG-1.76.20-Privilege-Escalation.html

Third Party AdvisoryVDB Entry

https://github.com/NyaMeeEain/Infrastructure-Assessment/blob/master/Privilege%20Escalation/Common%20Windows%20Privilege%20Escalation.md

Not Applicable

https://github.com/mRemoteNG/mRemoteNG/issues/2338

https://packetstormsecurity.com/files/170794/mRemoteNG-1.76.20-Privilege-Escalation.html

Third Party AdvisoryVDB Entry

Weaknesses

[email protected]

Primary
CWE-269

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-02-02T11:15:08.893Z

3 years ago

Last modified

2024-11-21T04:14:34.913Z

1 year ago