In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://cert.vde.com/de-de/advisories/vde-2021-017 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: CERTVDE
Published: 2021-08-02T10:24:31.012186Z
Updated: 2024-09-16T17:42:36.084Z
Reserved: 2021-05-24T00:00:00
Link: CVE-2021-33527
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-08-02T11:15:11.287
Modified: 2022-04-29T17:47:09.857
Link: CVE-2021-33527
Redhat
No data.