SB2019100820 - Remote code execution in Solarwinds Dameware Mini Remote Client agent 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019100820

SB2019100820 - Remote code execution in Solarwinds Dameware Mini Remote Client agent

Published: October 8, 2019 Updated: October 20, 2021

Security Bulletin ID SB2019100820
Severity
High
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Input validation error (CVE-ID: CVE-2019-3980)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the affected software supports smart card authentication by default which allows a user to upload an executable to be executed on the DWRCS.exe host. The executable will be saved in C:\Windows\Temp\ as dwDrvInst.exe and executed with the privileges of the Local System account. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.

PoC:

 python dwrcs_dwDrvInst_rce.py -t  -e

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References