Published: 08/10/2019 Updated: 21/07/2021

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 891

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Subscribe to Dameware Mini Remote Control

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.

Vulnerable Product	Search on Vulmon	Subscribe to Product
solarwinds dameware mini remote control 12.1.0.89

CVE-2019-3980 This repo was created to utilize the Nessus POC with a custom C# executable to run commands on a remote host and get the output of the command The python file is used to start a web server, execute the exploit, and then get the results over the web server The C# exe is uploaded through the exploit to the target When executed on thte target, the exe calls back

CVE-2019-3980 exploit written in win32/c++ (openssl dependency). Port of https://github.com/tenable/poc/blob/master/Solarwinds/Dameware/dwrcs_dwDrvInst_rce.py

CVE-2019-3980 CVE-2019-3980 exploit written in win32/c++ (openssl dependency) Port of githubcom/tenable/poc/blob/master/Solarwinds/Dameware/dwrcs_dwDrvInst_rcepy Instructions This PoC requires staticly linked openssl libraries Place openssl includes in third_party\include\openssl and libs in third_party\libs\openssl$(PlatformShortName)\ Rough build instructions for

CWE-346 https://www.tenable.com/security/research/tra-227-43 https://www.tenable.com/security/research/tra-2019-43 https://nvd.nist.gov https://github.com/warferik/CVE-2019-3980 https://github.com/Barbarisch/CVE-2019-3980

CVE-2019-3980

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect