First published: Thu Apr 28 2022
NoMachine for Windows versions prior to 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
NoMachine NoMachine | >=6.0.0, <6.15.1 | |
NoMachine NoMachine | >=7.0, <7.5.2 | |
Microsoft Windows | | |
The ID of this vulnerability is CVE-2021-33436.
CVE-2021-33436 has a severity rating of 7.3 (high).
The affected software for CVE-2021-33436 is NoMachine for Windows versions prior to 6.15.1 and 7.5.2.
CVE-2021-33436 allows local non-privileged users to perform DLL hijacking via any writable directory listed under the system path and potentially execute code as NT AUTHORITY\SYSTEM.
You can find more information about CVE-2021-33436 at the following references: [GitHub Advisory](https://github.com/active-labs/Advisories/blob/master/2021/ACTIVE-2021-001.md), [NoMachine Knowledge Base Article 1](https://knowledgebase.nomachine.com/SU05S00223), [NoMachine Knowledge Base Article 2](https://knowledgebase.nomachine.com/SU05S00224).
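
The precondition named in the description is a directory on the system path that a non-privileged user can write to. The following PowerShell audit is an added example, not code from NoMachine or the referenced advisories; the trusted SID list and the function name `Get-WritablePathEntry` are assumptions chosen for illustration.

```powershell
# Added example: list machine PATH directories where a non-administrative
# principal may create files. Run elevated so every ACL is readable.

# SIDs treated as trusted (assumption; adjust for your environment).
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)
$serviceSidPrefix = 'S-1-5-80-'   # NT SERVICE\* accounts (assumed trusted here)

# CreateFiles (0x2) plus the generic bits an ACE may carry instead of it.
$GENERIC_WRITE = 0x40000000
$GENERIC_ALL   = 0x10000000
$createMask    = 0x2 -bor $GENERIC_WRITE -bor $GENERIC_ALL

function Get-WritablePathEntry {
    $machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
    foreach ($entry in ($machinePath -split ';' | Where-Object { $_.Trim() })) {
        $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))

        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            # A missing entry is a finding too: whoever can create it controls it.
            [pscustomobject]@{ Directory = $dir; Principal = '(directory missing)'; Rights = $null }
            continue
        }

        # Ask for SIDs directly so localized or unresolvable names do not matter.
        $acl   = Get-Acl -LiteralPath $dir
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow') { continue }
            # Inherit-only ACEs apply to children, not to the directory itself.
            if ($rule.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
            if ($trustedSids -contains $sid -or $sid.StartsWith($serviceSidPrefix)) { continue }
            if (([int]$rule.FileSystemRights -band $createMask) -eq 0) { continue }

            [pscustomobject]@{ Directory = $dir; Principal = $sid; Rights = $rule.FileSystemRights }
        }
    }
}

Get-WritablePathEntry | Format-Table -AutoSize
```

Any row it returns is a directory to tighten or remove from the machine PATH, independently of upgrading NoMachine to 6.15.1 or 7.5.2.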