The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2019-10-08T19:40:07

Updated: 2024-08-04T19:26:27.695Z

Reserved: 2019-01-03T00:00:00

Link: CVE-2019-3980

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2019-10-08T20:15:12.077

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-3980

cve-icon Redhat

No data.