CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33527 – OS Command Injection in mbDIALUP <= 3.9R0.0
https://notcve.org/view.php?id=CVE-2021-33527
02 Aug 2021 — In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service. En las versiones de MB connect line mbDIALUP versiones anteriores o iguales a 3.9R0.0 un atacante remoto puede enviar una petición HTTP específicamente diseñada al servicio que se ejecuta con NT AUTHORITY\SYSTEM que no valide co... • https://cert.vde.com/de-de/advisories/vde-2021-017 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33526 – Privilege escalation in mbDIALUP <= 3.9R0.0
https://notcve.org/view.php?id=CVE-2021-33526
02 Aug 2021 — In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service. En MB connect line mbDIALUP versiones anteriores a 3.9R0.0 incluyéndola, un atacante local con pocos privilegios puede enviar un comando al servicio que se ejecuta con NT AUTHORITY\SYSTEM indicándole que ejecute una configuración Op... • https://cert.vde.com/de-de/advisories/vde-2021-017 • CWE-269: Improper Privilege Management •