
SolarWinds DameWare Mini Remote Client Agent < 12.0.3 Stack Buffer Overflow

2019-04-16 00:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.23 Low

EPSS

Percentile

96.6%

The remote host is running a version of SolarWinds DameWare Mini Remote Client Agent prior to 12.0.3. A stack-based buffer overflow condition exists in DWRCS.EXE due to improper validation of user-supplied data passed to wsprintfw(). An attacker can exploit this, via a specially crafted message, to execute arbitrary code.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin description block. Nessus evaluates this branch when it loads the
# plugin's metadata ('description' is set); the trailing exit(0) keeps the
# version check below from running in that mode.
if (description)
{
  # Plugin identity and revision.
  script_id(124062);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/01/26");

  # External identifiers for the flaw this plugin covers.
  script_cve_id("CVE-2016-2345");
  script_bugtraq_id(84704);
  script_xref(name:"CERT", value:"897144");
  script_xref(name:"EDB-ID", value:"43059");
  script_xref(name:"IAVA", value:"2020-A-0392-S");

  # DWRCS.EXE is the service executable whose file version is compared
  # against the fixed version in the check below.
  script_name(english:"SolarWinds DameWare Mini Remote Client Agent < 12.0.3 Stack Buffer Overflow");
  script_summary(english:"Checks the version of DWRCS.EXE.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is running a remote management application that has
a stack buffer overflow condition.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of SolarWinds DameWare Mini
Remote Client Agent prior to 12.0.3. A stack-based buffer overflow
condition exists in DWRCS.EXE due to improper validation of user
supplied data passed to wsprintfw(). An attacker can exploit this,
via a specially crafted message, to execute arbitrary code.");
  # Vendor advisory and third-party write-ups; the shortened nessus.org
  # links redirect to the URLs given in the comments.
  # https://support.solarwinds.com/Success_Center/DameWare_Remote_Support_Mini_Remote_Control/Knowledgebase_Articles/CVE-2016-2345_vulnerability
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ea9bfd3f");
  # https://www.securifera.com/blog/2016/04/03/fun-with-remote-controllers-dameware-mini-remote-control-cve-2016-2345/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?05d43982");
  script_set_attribute(attribute:"see_also", value:"https://www.securifera.com/advisories/cve-2016-2345/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to SolarWinds DameWare Mini Remote Control v12.0.3 or later.");
  # Scoring: CVSS2 and CVSS3 base/temporal vectors taken from the CVE record.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2345");
  # Public exploit code exists for this flaw (see the EDB-ID reference above),
  # which raises the priority of patching affected hosts.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/16");

  # 'local' plugin type: the version is read from the file over SMB rather
  # than by probing the service's own network protocol.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:solarwinds:dameware_mini_remote_control");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The check below relies on the service image path that
  # smb_enum_services.nasl records under SMB/svc/dwmrcs/path, and needs the
  # SMB ports to read the file version.
  script_dependencies("smb_enum_services.nasl");
  script_require_keys("SMB/svc/dwmrcs/path");
  script_require_ports(139,445);

  exit(0);
}

include("smb_func.inc");
include("smb_hotfixes_fcheck.inc");
include("vcf.inc");

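# ---------------------------------------------------------------------------
# Version check.
#
# Locates DWRCS.EXE through the service image path that
# smb_enum_services.nasl stored in the KB, reads the executable's file
# version over SMB and compares it with the fixed version via the vcf
# framework. Every failure path exits through exit() or
# hotfix_handle_error(), so nothing is reported unless a version was
# actually obtained.
# ---------------------------------------------------------------------------

# Check if the service is detected by smb_enum_services.nasl
val = get_kb_item_or_exit('SMB/svc/dwmrcs/path');

# Extract the executable path from the service image path. The raw value
# may carry command-line arguments after the executable and, when the
# install directory contains spaces, the executable path is wrapped in
# double quotes. Splitting on the first space alone would then yield a
# truncated, quote-prefixed fragment that fails the drive-letter check
# below and makes the plugin exit without a result, so prefer the quoted
# segment when one is present and fall back to the first token otherwise.
quoted = pregmatch(string:val, pattern:'^"([^"]+)"');
if (!isnull(quoted))
  path = quoted[1];
else
{
  ret  = split(val, sep:' ', keep:FALSE);
  path = ret[0];
}

# Split the path into drive letter and remainder; both parts are needed
# to rebuild the KB key under which hotfix_get_fversion() caches versions.
match = pregmatch(string:path, pattern:'^([A-Za-z]):(.+)$');
if (isnull(match))
  exit(1, 'Invalid path ' + path + ' for DWRCS.EXE.');

app = 'SolarWinds DameWare Mini Remote Client Agent';

# Get the file version for the exe.
# hotfix_get_fversion() does not go out to the network
# to fetch the file version if the version is already saved
# in the KB.
fver = hotfix_get_fversion(path:path);
hotfix_handle_error(
  error_code:fver['error'],
  appname:app,
  file:path,
  exit_on_fail:TRUE
);
hotfix_check_fversion_end();

# Rebuild the KB key that hotfix_get_fversion() stored the version under:
# lower-cased drive letter (the administrative share name without its
# '$') followed by the lower-cased file path with backslashes normalised
# to '/'. vcf reads the version string from this key, so fver['value']
# does not need to be joined here.
share = match[1] + '$';
file = match[2];
kb = 'SMB/FileVersions/'+tolower(share-'$')+tolower(str_replace(string:file, find:"\", replace:'/'));

app_info = vcf::get_app_info(app:app, kb_ver:kb, port:kb_smb_transport());
# Require at least three version segments (x.y.z) so that a coarser
# version string cannot be compared against 12.0.3 and produce a wrong
# verdict.
vcf::check_granularity(app_info:app_info, sig_segments:3);

# Everything below 12.0.3 is affected; matches the solution attribute.
constraints = [
  {"fixed_version": "12.0.3" }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);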
Vendor | Product | Version | CPE
solarwinds | dameware_mini_remote_control | | x-cpe:/a:solarwinds:dameware_mini_remote_control

