RSS   Vulnerabilities for 'Windows agent'   RSS

2017-11-08
 
CVE-2017-16674

CWE-77
 

 
Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this "primary/secondary" attack with the CVE-2017-16673 "rogue pairing" attack to achieve unauthenticated access to all agent machines running these older DWA versions.

 

 >>> Vendor: Datto 10 Products
Backup agent
Windows agent
Alto 2 firmware
Alto 3 firmware
Alto imaged firmware
Alto xl firmware
Siris 2 firmware
Siris 3 firmware
Siris 3 x all-flash firmware
Siris virtual firmware


Copyright 2019, cxsecurity.com

 

Back to Top