CVE-2021-33526 (GCVE-0-2021-33526)
Vulnerability from cvelistv5 – Published: 2021-08-02 10:24 – Updated: 2024-09-17 01:56
VLAI?
Summary
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.
Severity ?
7.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MB connect line | mbDIALUP |
Affected:
3.9R0.0 , ≤ 3.9R0.0
(custom)
|
Credits
Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mbDIALUP",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "3.9R0.0",
"status": "affected",
"version": "3.9R0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."
}
],
"datePublic": "2021-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:24:29",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 3.9R0.5"
}
],
"source": {
"advisory": "VDE-2021-017",
"discovery": "EXTERNAL"
},
"title": "Privilege escalation in mbDIALUP \u003c= 3.9R0.0",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-07-23T12:50:00.000Z",
"ID": "CVE-2021-33526",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation in mbDIALUP \u003c= 3.9R0.0"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mbDIALUP",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "3.9R0.0",
"version_value": "3.9R0.0"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-017",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 3.9R0.5"
}
],
"source": {
"advisory": "VDE-2021-017",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-33526",
"datePublished": "2021-08-02T10:24:29.999553Z",
"dateReserved": "2021-05-24T00:00:00",
"dateUpdated": "2024-09-17T01:56:14.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mbconnectline:mbdialup:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.9r0.0\", \"matchCriteriaId\": \"C0769704-3781-41C1-B70E-AE4B53CDFCA6\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\\\\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.\"}, {\"lang\": \"es\", \"value\": \"En MB connect line mbDIALUP versiones anteriores a 3.9R0.0 incluy\\u00e9ndola, un atacante local con pocos privilegios puede enviar un comando al servicio que se ejecuta con NT AUTHORITY\\\\SYSTEM indic\\u00e1ndole que ejecute una configuraci\\u00f3n OpenVPN maliciosa resultando en una ejecuci\\u00f3n de c\\u00f3digo arbitrario con los privilegios del servicio\"}]",
"id": "CVE-2021-33526",
"lastModified": "2024-11-21T06:09:00.530",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-08-02T11:15:11.223",
"references": "[{\"url\": \"https://cert.vde.com/de-de/advisories/vde-2021-017\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.vde.com/de-de/advisories/vde-2021-017\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-33526\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2021-08-02T11:15:11.223\",\"lastModified\":\"2024-11-21T06:09:00.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\\\\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.\"},{\"lang\":\"es\",\"value\":\"En MB connect line mbDIALUP versiones anteriores a 3.9R0.0 incluy\u00e9ndola, un atacante local con pocos privilegios puede enviar un comando al servicio que se ejecuta con NT AUTHORITY\\\\SYSTEM indic\u00e1ndole que ejecute una configuraci\u00f3n OpenVPN maliciosa resultando en una ejecuci\u00f3n de c\u00f3digo arbitrario con los privilegios del servicio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mbconnectline:mbdialup:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.9r0.0\",\"matchCriteriaId\":\"C0769704-3781-41C1-B70E-AE4B53CDFCA6\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/de-de/advisories/vde-2021-017\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/de-de/advisories/vde-2021-017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…