DameWare Mini Remote Control Server Unspecified Local Privilege Escalation

high Nessus Plugin ID 18119

Synopsis

A local user can elevate his privileges.

Description

According to its version number, the DameWare Mini Remote Control program on the remote host may allow an authenticated user with non-administrator rights to elevate his rights on a remote machine.

Solution

Upgrade to DameWare Mini Remote Control version 3.80 if using 3.x or to 4.9 if using 4.x.

See Also

http://www.nessus.org/u?60814edd

Plugin Details

Severity: High

ID: 18119

File Name: dameware_mini_remote_control_priv_escalation.nasl

Version: 1.16

Type: local

Agent: windows

Family: Windows

Published: 4/22/2005

Updated: 7/6/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:dameware:mini_remote_control

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 4/5/2005

Vulnerability Publication Date: 4/6/2005

Reference Information

CVE: CVE-2005-1088

BID: 13023