New Vulnerability found in Dameware Mini Remote Control Server
We are proud to share the news: our security specialist Adriaan Schuitmaker has recently discovered an important CVE (CVE-2021-31217)! It's always so inspiring to see how our experts are dedicated to make the world a safer place.
During a security assessment, Adriaan found a vulnerability in the Dameware
Mini Remote Control Server installation version 12.0.1.2008
(CVE-2021-31217). The installation contained insecure folder permission
which allowed privileged system-level file deletion when a repair was
initiated by the Windows installer.
The vulnerability was
caused due to insecure configuration of the folder permission which are
set during the installation of the DameWare product. Upon discovery the
vulnerability was reported to the vendor, SolarWinds, which subsequently
rated the issue as high and patched it in
version 12.2.
For more information regarding this vulnerability, please read the full report here.
Interested in more stories about interesting vulnerabilities found by our dedicated security experts? Read more about the latest vulnerabilities discovered by our other experts here :
- Harikrishnan Padmanabha Pillai (CVE-2020-35542 | Unisys Data Exchange Management Studio)
- Ricardo Sanchez and David van Gool (CVE-2020-22789 | FME Server)
- Max van der Linden and Justin Aarden (CVE-2021-29659 | ownCloud)