Lucene search

MitreCVE-2021-34689

HistoryJul 15, 2021 - 2:15 p.m.

CVE-2021-34689

2021-07-1514:15:20

CWE-532

mitre

web.nvd.nist.gov

cve-2021-34689

idrive

remotepc

windows

information disclosure

authentication

personal key

programdata

log files

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

Percentile

12.6%

JSON

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system’s Personal Key in world-readable %PROGRAMDATA% log files.

Affected configurations

Nvd

Node

idriveremotepcRange<7.6.48

AND

microsoftwindowsMatch-

VendorProductVersionCPE
idriveremotepc*cpe:2.3:a:idrive:remotepc:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
idrive	remotepc	*	cpe:2.3:a:idrive:remotepc::::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

raw.githubusercontent.com/jacob-baines/vuln_disclosure/main/vuln_2021_01.txt

www.remotepc.com/release-info

Social References

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2021-34689