New Vulnerability found in Dameware Mini Remote Control Server
During a security assessment, Adriaan found a vulnerability in the Dameware
Mini Remote Control Server installation version 18.104.22.1688
(CVE-2021-31217). The installation contained insecure folder permission
which allowed privileged system-level file deletion when a repair was
initiated by the Windows installer.
The vulnerability was
caused due to insecure configuration of the folder permission which are
set during the installation of the DameWare product. Upon discovery the
vulnerability was reported to the vendor, SolarWinds, which subsequently
rated the issue as high and patched it in
For more information regarding this vulnerability, please read the full report here.
Interested in more stories about interesting vulnerabilities found by our dedicated security experts? Read more about the latest vulnerabilities discovered by our other experts here :
- Harikrishnan Padmanabha Pillai (CVE-2020-35542 | Unisys Data Exchange Management Studio)
- Ricardo Sanchez and David van Gool (CVE-2020-22789 | FME Server)
- Max van der Linden and Justin Aarden (CVE-2021-29659 | ownCloud)