RSS   Vulnerabilities for 'Mbdialup'   RSS

2021-08-02
 
CVE-2021-33526

CWE-269
 

 
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.

 
 
CVE-2021-33527

CWE-20
 

 
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM that won't be validated correctly and allows for an arbitrary code execution with the privileges of the service.

 

 >>> Vendor: Mbconnectline 3 Products
Mbconnect24
Mymbconnect24
Mbdialup


Copyright 2024, cxsecurity.com

 

Back to Top