Lucene search
PRIOn knowledge basePRION:CVE-2017-16674HistoryNov 09, 2017 - 4:29 a.m.
Command injection
2017-11-0904:29:00
PRIOn knowledge base
www.prio-n.com
7
Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this “primary/secondary” attack with the CVE-2017-16673 “rogue pairing” attack to achieve unauthenticated access to all agent machines running these older DWA versions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| windows_agent | le | 1.0.5.0 |
Related
zdt
zdt
Datto Windows Agent Remote Code Execution Vulnerability
2017-11-11 00:00:00
nvd
nvd
CVE-2017-16674
2017-11-09 04:29:00
CVE-2017-16673
2017-11-09 04:29:00
cve
cve
CVE-2017-16674
2022-10-03 16:23:23
CVE-2017-16673
2022-10-03 16:23:21
cvelist
cvelist
CVE-2017-16674
2022-10-03 16:23:23
CVE-2017-16673
2022-10-03 16:23:21
prion
prion
Information disclosure
2017-11-09 04:29:00