First published: Fri Jul 23 2021
In MB connect line mbDIALUP versions <= 3.9R0.0, a remote attacker can send a specially crafted HTTP request to the service, which runs as NT AUTHORITY\SYSTEM and does not correctly validate the input. This can lead to arbitrary code execution with the privileges of the service.
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mbconnectline Mbdialup | <=3.9r0.0 | Update to version 3.9R0.5 |
The severity of CVE-2021-33527 is critical with a CVSS score of 9.8.
CVE-2021-33527 allows a remote attacker to execute arbitrary code with the privileges of the service in MB connect line mbDIALUP versions <= 3.9R0.0.
An attacker can exploit CVE-2021-33527 by sending a specially crafted HTTP request to the service running with NT AUTHORITY\SYSTEM.
The software affected by CVE-2021-33527 is MB connect line mbDIALUP, versions <= 3.9R0.0.
Yes, updating MB connect line mbDIALUP to a version higher than 3.9R0.0 will resolve the vulnerability.