Vulnerability Description
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nomachine | Nomachine | >= 6.0.0, < 6.15.1 |
| Microsoft | Windows | - |
References
- https://github.com/active-labs/Advisories/blob/master/2021/ACTIVE-2021-001.mdThird Party Advisory
- https://knowledgebase.nomachine.com/SU05S00223Release NotesVendor Advisory
- https://knowledgebase.nomachine.com/SU05S00224Release NotesVendor Advisory
- https://knowledgebase.nomachine.com/TR05S10236Vendor Advisory
- https://github.com/active-labs/Advisories/blob/master/2021/ACTIVE-2021-001.mdThird Party Advisory
- https://knowledgebase.nomachine.com/SU05S00223Release NotesVendor Advisory
- https://knowledgebase.nomachine.com/SU05S00224Release NotesVendor Advisory
- https://knowledgebase.nomachine.com/TR05S10236Vendor Advisory
FAQ
What is CVE-2021-33436?
CVE-2021-33436 is a vulnerability with a CVSS score of 7.3 (HIGH). NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL ...
How severe is CVE-2021-33436?
CVE-2021-33436 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33436?
Check the references section above for vendor advisories and patch information. Affected products include: Nomachine Nomachine, Microsoft Windows.