Insecure File Permissions in SolarWinds DameWare Mini Remote Control Server
CVE-2021-31217

9.1CRITICAL

Key Information:

Vendor
Solarwinds
Status
Dameware Mini Remote Control
Vendor
CVE Published:
13 July 2021

Summary

The SolarWinds DameWare Mini Remote Control Server version 12.0.1.200 suffers from a security issue due to improper file permissions, allowing users to delete files with SYSTEM privileges. This vulnerability can lead to unauthorized actions within the system, potentially compromising sensitive information and undermining the integrity of remote management operations. Users are advised to review their file permission settings and apply necessary mitigations to protect against potential exploitation.

References

https://support.solarwinds.com/SuccessCenter/s/
x_refsource_MISC
https://documentation.solarwinds.com/en/success_center/da...
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.