SolarWinds Dameware Mini Remote Control Client Public Key Buffer Over-read

high Nessus Plugin ID 126263


Synopsis

The remote host is running a remote control application that is affected by a buffer over-read vulnerability.


Description

The SolarWinds Dameware Mini Remote Control Client Agent running on the remote host is affected by a buffer over-read vulnerability due to improper validation of user-supplied data. An unauthenticated, remote attacker can exploit this, via a series of requests, to cause a denial of service condition.

Note that the software is reportedly affected by additional vulnerabilities; however, this plugin has not tested for these.


Solution

Upgrade to SolarWinds Dameware Mini Remote Control v12.1 Hotfix 2 or later, and make sure the DWRCRSS.dll used by the running client agent (DWRCS.exe) is v12.1.0.89 or later.

Plugin Details

Severity: High

ID: 126263

File Name: solarwinds_dameware_mini_remote_control_cve-2019-3956.nasl

Version: 1.5

Type: remote

Agent: windows

Family: Windows

Published: 6/27/2019

Updated: 7/27/2021

Dependencies: find_service2.nasl

Risk Information

CVSS Score Source: CVE-2019-3956


VPR

Risk Factor: Medium

Score: 5.2


CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.8

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Temporal Vector: E:F/RL:OF/RC:C


CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:dameware:mini_remote_control

Exploit Ease: Exploits are available

Patch Publication Date: 6/6/2019

Vulnerability Publication Date: 6/6/2019

Reference Information

CVE: CVE-2019-3956

TRA: TRA-2019-26

IAVA: 2020-A-0392