SolarWinds Dameware Mini Remote Control Client Public Key Buffer Over-read

high Nessus Plugin ID 126263

Synopsis

The remote host is running a remote control application that is affected by a buffer over-read vulnerability.

Description

The SolarWinds Dameware Mini Remote Control Client Agent running on the remote host is affected by a buffer over-read vulnerability due to improper validation of user-supplied data. An unauthenticated, remote attacker can exploit this, via a series of requests, to cause a denial of service condition.

Note that the software is reportedly affected by additional vulnerabilities; however, this plugin has not tested for these.

Solution

Upgrade to SolarWinds Dameware Mini Remote Control v12.1 Hotfix 2 or later, and make sure the DWRCRSS.dll used by the running client agent (DWRCS.exe) is v12.1.0.89 or later.

See Also

http://www.nessus.org/u?1220acd8

Plugin Details

Severity: High

ID: 126263

File Name: solarwinds_dameware_mini_remote_control_cve-2019-3956.nasl

Version: 1.5

Type: remote

Agent: windows

Family: Windows

Published: 6/27/2019

Updated: 7/27/2021

Dependencies: find_service2.nasl

Risk Information

CVSS Score Source: CVE-2019-3956

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.8

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Temporal Vector: E:F/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:dameware:mini_remote_control

Exploit Ease: Exploits are available

Patch Publication Date: 6/6/2019

Vulnerability Publication Date: 6/6/2019

Reference Information

CVE: CVE-2019-3956

TRA: TRA-2019-26

IAVA: 2020-A-0392