Share: Email | Twitter

ID

VDE-2021-017

Published

2021-07-22 13:35 (CEST)

Last update

2022-03-28 13:03 (CEST)

Vendor(s)

MB connect line GmbH

Product(s)

Article No° Product Name Affected Version(s)
mbDIALUP <= 3.9R0.0

Summary

Multiple Vulnerabilities in mbConnect24serv (a software service of mbDIALUP) can lead to arbitrary code execution due to improper privilege management.

Update A, 2021-11-24

  • corrected fixed version in solution from 3.9R0.4 to 3.9R0.5

Update B, 2022-03-28

  • Updated CVSS score from CVE-2021-33527 from 7.8 to 9.8 due to new information about the vulnerability

Vulnerabilities



CVE-2021-33527
9.8
Last Update
Nov. 17, 2022, 10:47 a.m.
Severity
9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Weakness
Improper Input Validation (CWE-20)
Summary
In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.
Details
nvd.nist.gov 
CVE-2021-33526
7.8
Last Update
Nov. 17, 2022, 10:47 a.m.
Severity
7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Weakness
Improper Privilege Management (CWE-269)
Summary
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.
Details
nvd.nist.gov 

Impact

Please consult the CVE entries.

Solution

Update to 3.9R0.5

Reported by

Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH.

CERT@VDE coordinated.