CVE-2021-33527
moderate-risk
Published 2021-08-02
In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.
Do I need to act?
~
6.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Mbdialup
Affected Vendors
References (2)
Third Party Advisory
https://cert.vde.com/de-de/advisories/vde-2021-017
Third Party Advisory
https://cert.vde.com/de-de/advisories/vde-2021-017
46
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
9/34 · Low
Exposure
5/34 · Minimal