EUVD-2021-20219

Malware in sbrugna...

The vulnerability of the mbConnect24serv component for clients to establish encrypted connections with mbDIALUP allows a perpetrator to enhance their privileges and execute arbitrary codes.

The vulnerability of the mbConnect24serv component for clients to establish encrypted connections with mbDIALUP is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary code using a malicious OpenVPN...

The vulnerability of the mbConnect24serv component for clients to establish encrypted connections with mbDIALUP allows a perpetrator to enhance their privileges and execute arbitrary codes.

The vulnerability of the mbConnect24serv component for clients to establish encrypted connections with mbDIALUP is related to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability can allow an attacker to enhance their...

CVE-2021-33527

In MB connect line mbDIALUP versions = 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service...

CVE-2021-33526

In MB connect line mbDIALUP versions = 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service...

Design/Logic Flaw

In MB connect line mbDIALUP versions = 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service...

Design/Logic Flaw

In MB connect line mbDIALUP versions = 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service...

CVE-2021-33527

CVE-2021-33527 affects MB Connect Line mbDIALUP

CVE-2021-33527 OS Command Injection in mbDIALUP <= 3.9R0.0

In MB connect line mbDIALUP versions = 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service...

CVE-2021-33526 Privilege escalation in mbDIALUP <= 3.9R0.0

In MB connect line mbDIALUP versions = 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service...

CVE-2021-33526

CVE-2021-33526 affects MB connect line mbDIALUP versions

MB connect line mbDIALUP 安全漏洞

MB connect line mbDIALUP is an application from MB connect line. Developed by MB Connect Line GmbH for a Software Informer user. A security vulnerability exists in mbDIALUP, which originates in MB connect line mbDIALUP version = 3.9R0.0, and can be exploited by a low-privileged attacker to send a...