CVE-2021-31217

Description

In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.

Related CPE's

asolarwindsdameware_mini_remote_control12.0.1.200*******

vulnerable

References

https://support.solarwinds.com/SuccessCenter/s/

Vendor Advisory

https://documentation.solarwinds.com/en/success_center/dameware/content/release_notes/dameware_12-2_release_notes.htm

Release NotesVendor Advisory

CvssV3 impact

BaseSeverity

CRITICAL

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

9.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

COMPLETE

IntegrityImpact

COMPLETE

BaseScore

9.4

VectorString

AV:N/AC:L/Au:N/C:N/I:C/A:C

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io