Description
Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections.
{"id": "CVE-2021-35448", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-35448", "description": "Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections.", "published": "2021-06-24T20:15:00", "modified": "2022-03-29T19:36:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2}, "severity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35448", "reporter": "cve@mitre.org", "references": ["https://deathflash.ml/blog/remote-mouse-lpe", "https://www.exploit-db.com/exploits/50047", "https://leobreaker1411.github.io/blog/cve-2021-35448"], "cvelist": ["CVE-2021-35448"], "immutableFields": [], "lastseen": "2022-03-29T21:04:57", "viewCount": 66, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:50047"]}, {"type": "githubexploit", "idList": ["E9377F01-1DC8-5F09-8C67-4597C2FA26A7"]}], "rev": 4}, "score": 
{"value": 7.3, "vector": "NONE"}, "twitter": {"counter": 4, "modified": "2021-06-25T07:43:31", "tweets": [{"link": "https://twitter.com/SecRiskRptSME/status/1408328310346682372", "text": "RT:\n\nCVE-2021-35448 Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incom... https://t.co/zpuuXHhFEB?amp=1\n\n\u2014 CVE (\u2026"}, {"link": "https://twitter.com/SecRiskRptSME/status/1408328310346682372", "text": "RT:\n\nCVE-2021-35448 Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incom... https://t.co/zpuuXHhFEB?amp=1\n\n\u2014 CVE (\u2026"}, {"link": "https://twitter.com/deathflash1411/status/1408339317521453062", "text": "CVE-2021-35448 has been assigned."}, {"link": "https://twitter.com/deathflash1411/status/1408339317521453062", "text": "CVE-2021-35448 has been assigned."}]}, "backreferences": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:50047"]}, {"type": "githubexploit", "idList": ["E9377F01-1DC8-5F09-8C67-4597C2FA26A7"]}]}, "exploitation": null, "vulnersScore": 7.3}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:remotemouse:emote_interactive_studio:3.008"], "cpe23": ["cpe:2.3:a:remotemouse:emote_interactive_studio:3.008:*:*:*:*:*:*:*"], "cwe": ["CWE-269"], "affectedSoftware": [{"cpeName": "remotemouse:emote_interactive_studio", "version": "3.008", "operator": "eq", "name": "remotemouse emote interactive studio"}], "affectedConfiguration": [{"name": "microsoft windows", "cpeName": "microsoft:windows", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], 
"cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:remotemouse:emote_interactive_studio:3.008:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "https://deathflash.ml/blog/remote-mouse-lpe", "name": "https://deathflash.ml/blog/remote-mouse-lpe", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/50047", "name": "https://www.exploit-db.com/exploits/50047", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://leobreaker1411.github.io/blog/cve-2021-35448", "name": "https://leobreaker1411.github.io/blog/cve-2021-35448", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}]}
{"githubexploit": [{"lastseen": "2022-03-30T09:09:02", "description": "# CVE-2021-35448\n\n### Description:\n\nA local privilege escalation...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-20T15:15:15", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Remotemouse Emote Interactive Studio", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35448"], "modified": "2021-12-20T15:18:30", "id": "E9377F01-1DC8-5F09-8C67-4597C2FA26A7", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}], "exploitdb": [{"lastseen": "2022-05-13T17:37:05", "description": "", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-21T00:00:00", "type": "exploitdb", 
"title": "Remote Mouse GUI 3.008 - Local Privilege Escalation", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2021-35448", "CVE-2021-35448"], "modified": "2021-06-21T00:00:00", "id": "EDB-ID:50047", "href": "https://www.exploit-db.com/exploits/50047", "sourceData": "# Exploit Title: Remote Mouse GUI 3.008 - Local Privilege Escalation\r\n# Exploit Author: Salman Asad (@LeoBreaker1411 / deathflash1411)\r\n# Date: 17.06.2021\r\n# Version: Remote Mouse 3.008\r\n# Tested on: Windows 10 Pro Version 21H1\r\n# Reference: https://leobreaker1411.github.io/blog/cve-2021-35448\r\n# CVE: CVE-2021-35448\r\n\r\nSteps to reproduce:\r\n\r\n1. Open Remote Mouse from the system tray\r\n2. Go to \"Settings\"\r\n3. Click \"Change...\" in \"Image Transfer Folder\" section\r\n4. \"Save As\" prompt will appear\r\n5. Enter \"C:\\Windows\\System32\\cmd.exe\" in the address bar\r\n6. A new command prompt is spawned with Administrator privileges", "sourceHref": "https://www.exploit-db.com/download/50047", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}