78 matches found
Privilege escalation
iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges...
Information disclosure
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files...
Design/Logic Flaw
iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port...
Information disclosure
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher...
CVE-2021-34692
iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges...
CVE-2021-34692
CVE-2021-34692 affects iDrive RemotePC on Windows prior to 7.6.48. A local, low-privilege user can cause RemotePC to execute an attacker-controlled executable with SYSTEM privileges, enabling privilege escalation. The vulnerability stems from the product’s handling of executable execution, with e...
CVE-2021-34691
CVE-2021-34691 affects iDrive RemotePC on Linux prior to 4.0.1. A remote, unauthenticated attacker can cause a denial of service by disconnecting a valid user session via connecting to an ephemeral port. The advisory indicates the vulnerable version is before 4.0.1; mitigation is upgrading to 4.0...
CVE-2021-34691
iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port...
CVE-2021-34690
iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 5970 and 5980...
CVE-2021-34690
The CVE affects iDrive RemotePC on Windows prior to version 7.6.48. A authentication bypass exists that allows a remote, unauthenticated attacker to bypass cloud authentication and connect to, and control, a system via TCP ports 5970 and 5980. Impact is high: attacker can take control without val...
CVE-2021-34689
Affected product: iDrive RemotePC on Windows. Version affected: prior to 7.6.48. Vulnerability type: information disclosure due to a flaw that allows a locally authenticated attacker to read the system’s Personal Key from world-readable log files in %PROGRAMDATA%. Root cause: Personal Key written...
CVE-2021-34689
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files...
CVE-2021-34688
CVE-2021-34688 affects iDrive RemotePC on Windows prior to 7.6.48. A locally authenticated attacker can read an encrypted version of the system’s Personal Key from world-readable log files in %PROGRAMDATA%, because the encryption uses a hard-coded static key, making it reversible. The issue is a ...
CVE-2021-34688
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...
CVE-2021-34687
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher...
CVE-2021-34687
CVE-2021-34687 affects iDrive RemotePC on Windows prior to 7.6.48. The vulnerability enables information disclosure where a man-in-the-middle can recover the system Personal Key during a LAN connection, because the key is transmitted over the network with only a substitution cipher for encryption.
Idrive IDrive 安全漏洞
Idrive IDrive is a suite of cloud backup and cloud storage service solutions from IDrive USA. A security vulnerability exists in iDrive RemotePC, which stems from the iDrive RemotePC Allowed Elevation of Privilege on Windows prior to 7.6.48. An attacker can exploit the vulnerability to force...
iDrive RemotePC 加密问题漏洞
iDrive RemotePC is remote control software from iDrive, Inc. A vulnerability in encryption issues exists in iDrive RemotePC versions prior to 7.6.48 on Windows, which stems from an error in the configuration of the product during operation, among other things. An unauthorized attacker could explo...
IDrive 日志信息泄露漏洞
Idrive IDrive is a suite of cloud backup and cloud storage service solutions from US-based IDrive Idrive. A log message disclosure vulnerability exists in iDrive RemotePC versions prior to 7.6.48, where a locally authenticated attacker can read the system's personal key...
IDrive 授权问题漏洞
Idrive IDrive is a suite of cloud backup and cloud storage service solutions from IDrive USA. A security vulnerability exists in iDrive RemotePC versions prior to 7.6.48 that allows an unauthenticated attacker to bypass cloud authentication and connect to and control the system via TCP ports 5970...