CVE-2021-33526
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MB connect line | mbDIALUP | 3.9R0.0 <= 3.9R0.0 | affected |
Weaknesses
- CWE-269: CWE-269 Improper Privilege Management
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.