Insecure File Permissions in SolarWinds DameWare Mini Remote Control Server
CVE-2021-31217

9.1CRITICAL

Key Information:

Vendor: Solarwinds
Status: Dameware Mini Remote Control
Vendor: CVE Published:; 13 July 2021

What is CVE-2021-31217?

The SolarWinds DameWare Mini Remote Control Server version 12.0.1.200 suffers from a security issue due to improper file permissions, allowing users to delete files with SYSTEM privileges. This vulnerability can lead to unauthorized actions within the system, potentially compromising sensitive information and undermining the integrity of remote management operations. Users are advised to review their file permission settings and apply necessary mitigations to protect against potential exploitation.

References

https://support.solarwinds.com/SuccessCenter/s/

x_refsource_MISC

https://documentation.solarwinds.com/en/success_center/da...

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2021
Vulnerability Reserved
Apr 15, 2021

Solarwinds

What is CVE-2021-31217?

References

CVSS V3.1

Timeline