CVE-2021-34692 - OpenCVE

iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Idrive	Remotepc

Configuration 1 [-]

AND

cpe:2.3:a:idrive:remotepc:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_01.txt	Third Party Advisory
https://www.remotepc.com/release-info	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-07-15T13:20:17

Updated: 2021-07-15T13:20:17

Reserved: 2021-06-14T00:00:00

Link: CVE-2021-34692

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-07-15T14:15:21.170

Modified: 2021-07-26T19:07:06.750

Link: CVE-2021-34692

JSON object: View

Redhat Information

No data.

CWE

CWE-829

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:idrive:remotepc:*:*:*:*:*:*:*:*", "matchCriteriaId": "60416B98-EC2D-4DC7-B3CD-36656972E344", "versionEndExcluding": "7.6.48", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges."}, {"lang": "es", "value": "iDrive RemotePC versiones anteriores a 7.6.48 en Windows, permite una escalada de privilegios. Un usuario local y poco privilegiado puede forzar a RemotePC a ejecutar un ejecutable controlado por el atacante con privilegios de SYSTEM"}], "id": "CVE-2021-34692", "lastModified": "2021-07-26T19:07:06.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-15T14:15:21.170", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_01.txt"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.remotepc.com/release-info"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-829"}], "source": "nvd@nist.gov", "type": "Primary"}]}