Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for mbdialup by mbconnectline

    CVE-2021-33527 (GCVE-0-2021-33527)

    Vulnerability from nvd – Published: 2021-08-02 10:24 – Updated: 2024-09-16 17:42
    VLAI
    Title
    OS Command Injection in mbDIALUP <= 3.9R0.0
    Summary
    In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mbDIALUP Affected: 3.9R0.0 , ≤ 3.9R0.0 (custom)
    Create a notification for this product.
    Date Public
    2021-07-23 00:00
    Credits
    Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:42.984Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mbDIALUP",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "3.9R0.0",
                  "status": "affected",
                  "version": "3.9R0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."
            }
          ],
          "datePublic": "2021-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-29T09:20:09.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 3.9R0.5"
            }
          ],
          "source": {
            "advisory": "VDE-2021-017",
            "discovery": "EXTERNAL"
          },
          "title": "OS Command Injection in mbDIALUP \u003c= 3.9R0.0",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-07-23T12:50:00.000Z",
              "ID": "CVE-2021-33527",
              "STATE": "PUBLIC",
              "TITLE": "OS Command Injection in mbDIALUP \u003c= 3.9R0.0"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mbDIALUP",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.9R0.0",
                                "version_value": "3.9R0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/de-de/advisories/vde-2021-017",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 3.9R0.5"
              }
            ],
            "source": {
              "advisory": "VDE-2021-017",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33527",
        "datePublished": "2021-08-02T10:24:31.012Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:42:36.084Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33526 (GCVE-0-2021-33526)

    Vulnerability from nvd – Published: 2021-08-02 10:24 – Updated: 2024-09-17 01:56
    VLAI
    Title
    Privilege escalation in mbDIALUP <= 3.9R0.0
    Summary
    In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mbDIALUP Affected: 3.9R0.0 , ≤ 3.9R0.0 (custom)
    Create a notification for this product.
    Date Public
    2021-07-23 00:00
    Credits
    Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.012Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mbDIALUP",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "3.9R0.0",
                  "status": "affected",
                  "version": "3.9R0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."
            }
          ],
          "datePublic": "2021-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-02T10:24:29.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 3.9R0.5"
            }
          ],
          "source": {
            "advisory": "VDE-2021-017",
            "discovery": "EXTERNAL"
          },
          "title": "Privilege escalation in mbDIALUP \u003c= 3.9R0.0",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-07-23T12:50:00.000Z",
              "ID": "CVE-2021-33526",
              "STATE": "PUBLIC",
              "TITLE": "Privilege escalation in mbDIALUP \u003c= 3.9R0.0"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mbDIALUP",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.9R0.0",
                                "version_value": "3.9R0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/de-de/advisories/vde-2021-017",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 3.9R0.5"
              }
            ],
            "source": {
              "advisory": "VDE-2021-017",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33526",
        "datePublished": "2021-08-02T10:24:29.999Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:56:14.438Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33527 (GCVE-0-2021-33527)

    Vulnerability from cvelistv5 – Published: 2021-08-02 10:24 – Updated: 2024-09-16 17:42
    VLAI
    Title
    OS Command Injection in mbDIALUP <= 3.9R0.0
    Summary
    In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mbDIALUP Affected: 3.9R0.0 , ≤ 3.9R0.0 (custom)
    Create a notification for this product.
    Date Public
    2021-07-23 00:00
    Credits
    Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:42.984Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mbDIALUP",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "3.9R0.0",
                  "status": "affected",
                  "version": "3.9R0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."
            }
          ],
          "datePublic": "2021-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-29T09:20:09.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 3.9R0.5"
            }
          ],
          "source": {
            "advisory": "VDE-2021-017",
            "discovery": "EXTERNAL"
          },
          "title": "OS Command Injection in mbDIALUP \u003c= 3.9R0.0",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-07-23T12:50:00.000Z",
              "ID": "CVE-2021-33527",
              "STATE": "PUBLIC",
              "TITLE": "OS Command Injection in mbDIALUP \u003c= 3.9R0.0"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mbDIALUP",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.9R0.0",
                                "version_value": "3.9R0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/de-de/advisories/vde-2021-017",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 3.9R0.5"
              }
            ],
            "source": {
              "advisory": "VDE-2021-017",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33527",
        "datePublished": "2021-08-02T10:24:31.012Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:42:36.084Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33526 (GCVE-0-2021-33526)

    Vulnerability from cvelistv5 – Published: 2021-08-02 10:24 – Updated: 2024-09-17 01:56
    VLAI
    Title
    Privilege escalation in mbDIALUP <= 3.9R0.0
    Summary
    In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mbDIALUP Affected: 3.9R0.0 , ≤ 3.9R0.0 (custom)
    Create a notification for this product.
    Date Public
    2021-07-23 00:00
    Credits
    Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:43.012Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mbDIALUP",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "3.9R0.0",
                  "status": "affected",
                  "version": "3.9R0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."
            }
          ],
          "datePublic": "2021-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-02T10:24:29.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 3.9R0.5"
            }
          ],
          "source": {
            "advisory": "VDE-2021-017",
            "discovery": "EXTERNAL"
          },
          "title": "Privilege escalation in mbDIALUP \u003c= 3.9R0.0",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-07-23T12:50:00.000Z",
              "ID": "CVE-2021-33526",
              "STATE": "PUBLIC",
              "TITLE": "Privilege escalation in mbDIALUP \u003c= 3.9R0.0"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mbDIALUP",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.9R0.0",
                                "version_value": "3.9R0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH. CERT@VDE coordinated."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In MB connect line mbDIALUP versions \u003c= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/de-de/advisories/vde-2021-017",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/de-de/advisories/vde-2021-017"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 3.9R0.5"
              }
            ],
            "source": {
              "advisory": "VDE-2021-017",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-33526",
        "datePublished": "2021-08-02T10:24:29.999Z",
        "dateReserved": "2021-05-24T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:56:14.438Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }