CVE-2019-3980
First published: Tue Oct 08 2019(Updated: )
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dameware Mini Remote Control | =12.1.0.89 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-3980?
CVE-2019-3980 is classified as a critical vulnerability due to the potential for unauthorized remote code execution.
How do I fix CVE-2019-3980?
To fix CVE-2019-3980, update SolarWinds Dameware Mini Remote Control to version 12.1.0.90 or later.
What types of attacks can exploit CVE-2019-3980?
CVE-2019-3980 can be exploited by unauthenticated remote attackers to upload and execute arbitrary executables on the affected host.
Which version of SolarWinds Dameware Mini Remote Control is affected by CVE-2019-3980?
The affected version of SolarWinds Dameware Mini Remote Control is 12.1.0.89.
What is the primary impact of CVE-2019-3980?
The primary impact of CVE-2019-3980 is the ability for an attacker to gain control over the system by executing arbitrary code remotely.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/solarwinds
- canonical/solarwinds dameware remote support
- version/solarwinds dameware remote support/12.1.0.89