Sign-up

ID

VAR-201910-0549


CVE

CVE-2019-3980


TITLE

Solarwinds Dameware Mini Remote Client agent Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010640

DESCRIPTION

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account. Solarwinds Dameware Mini Remote Client agent Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SolarWinds DameWare Mini Remote Control is a remote control software and desktop sharing tool of American SolarWinds company. agent is one of the agent programs. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.8

sources: NVD: CVE-2019-3980 // JVNDB: JVNDB-2019-010640 // VULHUB: VHN-155415 // VULMON: CVE-2019-3980

AFFECTED PRODUCTS

vendor:solarwindsmodel:dameware mini remote controlscope:eqversion:12.1.0.89

Trust: 2.4

sources: JVNDB: JVNDB-2019-010640 // CNNVD: CNNVD-201910-430 // NVD: CVE-2019-3980

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3980
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-3980
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201910-430
value: CRITICAL

Trust: 0.6

VULHUB: VHN-155415
value: HIGH

Trust: 0.1

VULMON: CVE-2019-3980
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-3980
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-155415
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3980
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-3980
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155415 // VULMON: CVE-2019-3980 // JVNDB: JVNDB-2019-010640 // CNNVD: CNNVD-201910-430 // NVD: CVE-2019-3980

PROBLEMTYPE DATA

problemtype:CWE-346

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-155415 // JVNDB: JVNDB-2019-010640 // NVD: CVE-2019-3980

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-430

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201910-430

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010640

PATCH
title:Dameware Mini Remote Controlurl:https://www.solarwinds.com/dameware-mini-remote-control
Trust: 0.8
title:Solarwinds Dameware Mini Remote Client agent Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99089
Trust: 0.6
title:CVE-2019-3980url:https://github.com/warferik/CVE-2019-3980 
Trust: 0.1
title:CVE-2019-3980url:https://github.com/Barbarisch/CVE-2019-3980 
Trust: 0.1
title:PoCurl:https://github.com/Jonathan-Elias/PoC 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub 
Trust: 0.1
title:CVE-POCurl:https://github.com/0xT11/CVE-POC 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-3980 // 
            
            
            
            JVNDB: JVNDB-2019-010640 // 
            
            
            
            CNNVD: CNNVD-201910-430

EXTERNAL IDS
db:NVDid:CVE-2019-3980
Trust: 2.6
db:TENABLEid:TRA-2019-43
Trust: 1.2
db:JVNDBid:JVNDB-2019-010640
Trust: 0.8
db:CNNVDid:CNNVD-201910-430
Trust: 0.7
db:VULHUBid:VHN-155415
Trust: 0.1
db:VULMONid:CVE-2019-3980
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155415 // 
            
            
            
            VULMON: CVE-2019-3980 // 
            
            
            
            JVNDB: JVNDB-2019-010640 // 
            
            
            
            CNNVD: CNNVD-201910-430 // 
            
            
            
            NVD: CVE-2019-3980

REFERENCES
url:https://www.tenable.com/security/research/tra-227-43
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-3980
Trust: 1.4
url:https://www.tenable.com/security/research/tra-2019-43
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3980
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/346.html
Trust: 0.1
url:https://github.com/warferik/cve-2019-3980
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/nomi-sec/poc-in-github
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155415 // 
            
            
            
            VULMON: CVE-2019-3980 // 
            
            
            
            JVNDB: JVNDB-2019-010640 // 
            
            
            
            CNNVD: CNNVD-201910-430 // 
            
            
            
            NVD: CVE-2019-3980

SOURCES
db:VULHUBid:VHN-155415
db:VULMONid:CVE-2019-3980
db:JVNDBid:JVNDB-2019-010640
db:CNNVDid:CNNVD-201910-430
db:NVDid:CVE-2019-3980

LAST UPDATE DATE
2024-11-23T22:58:30.418000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-155415date:2019-10-22T00:00:00
db:VULMONid:CVE-2019-3980date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2019-010640date:2019-10-18T00:00:00
db:CNNVDid:CNNVD-201910-430date:2019-11-26T00:00:00
db:NVDid:CVE-2019-3980date:2024-11-21T04:42:59.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-155415date:2019-10-08T00:00:00
db:VULMONid:CVE-2019-3980date:2019-10-08T00:00:00
db:JVNDBid:JVNDB-2019-010640date:2019-10-18T00:00:00
db:CNNVDid:CNNVD-201910-430date:2019-10-08T00:00:00
db:NVDid:CVE-2019-3980date:2019-10-08T20:15:12.077