VDE-2021-017
Vulnerability from csaf_mbconnectlinegmbh - Published: 2021-07-22 11:35 - Updated: 2025-05-14 12:28Summary
MB connect line: Privilege escalation in mbDIALUP
Notes
Summary: Multiple Vulnerabilities in mbConnect24serv (a software service of mbDIALUP) can lead to arbitrary code execution due to improper privilege management.
Update A, 2021-11-24
corrected fixed version in solution from 3.9R0.4 to 3.9R0.5
Update B, 2022-03-28
Updated CVSS score from CVE-2021-33527 from 7.8 to 9.8 due to new information about the vulnerability
Remediation: Update to 3.9R0.5
Impact: Please consult the CVE entries.
In MB connect line mbDIALUP versions <=3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.
9.8 (Critical)
Vendor Fix
Update to 3.9R0.5
In MB connect line mbDIALUP versions <=3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.
7.8 (High)
Vendor Fix
Update to 3.9R0.5
References
Acknowledgments
CERT@VDE
certvde.com
Claroty
Noam Moshe
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Noam Moshe"
],
"organization": "Claroty",
"summary": "reported"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Multiple Vulnerabilities in mbConnect24serv (a software service of mbDIALUP) can lead to arbitrary code execution due to improper privilege management.\n\nUpdate A, 2021-11-24\n\ncorrected fixed version in solution from 3.9R0.4 to 3.9R0.5\n\nUpdate B, 2022-03-28\n\nUpdated CVSS score from CVE-2021-33527 from 7.8 to 9.8 due to new information about the vulnerability",
"title": "Summary"
},
{
"category": "description",
"text": "Update to 3.9R0.5",
"title": "Remediation"
},
{
"category": "description",
"text": "Please consult the CVE entries.",
"title": "Impact"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security-team@mbconnectline.de",
"name": "MB connect line GmbH",
"namespace": "https://mbconnectline.com"
},
"references": [
{
"category": "external",
"summary": "MB connect line advisory overview at CERT@VDE",
"url": "https://certvde.com/en/advisories/vendor/mbconnectline/"
},
{
"category": "self",
"summary": "VDE-2021-017: MB connect line: Privilege escalation in mbDIALUP - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-017"
},
{
"category": "self",
"summary": "VDE-2021-017: MB connect line: Privilege escalation in mbDIALUP - CSAF",
"url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-017.json"
}
],
"title": "MB connect line: Privilege escalation in mbDIALUP",
"tracking": {
"aliases": [
"VDE-2021-017"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2025-01-22T15:02:02.970Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.17"
}
},
"id": "VDE-2021-017",
"initial_release_date": "2021-07-22T11:35:00.000Z",
"revision_history": [
{
"date": "2021-07-22T11:35:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2021-11-24T11:00:00.000Z",
"number": "2",
"summary": "Update A"
},
{
"date": "2022-03-28T10:00:00.000Z",
"number": "3",
"summary": "Update B"
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "4",
"summary": "Fix: version space, added distribution"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=3.9R0.0",
"product": {
"name": "mbDIALUP \u003c=3.9R0.0",
"product_id": "CSAFPID-51001"
}
},
{
"category": "product_version",
"name": "3.9R0.5",
"product": {
"name": "mbDIALUP 3.9R0.5",
"product_id": "CSAFPID-52002"
}
}
],
"category": "product_name",
"name": "mbDIALUP"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "MB connect line"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-33527",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "In MB connect line mbDIALUP versions \u003c=3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to 3.9R0.5",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-33527"
},
{
"cve": "CVE-2021-33526",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "description",
"text": "In MB connect line mbDIALUP versions \u003c=3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to 3.9R0.5",
"product_ids": [
"CSAFPID-51001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001"
]
}
],
"title": "CVE-2021-33526"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…