CVE-2021-33527 — CRITICAL (9.8)

Q: How severe is CVE-2021-33527?

CVE-2021-33527 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-33527?

Check the references section above for vendor advisories and patch information. Affected products include: Mbconnectline Mbdialup.

Vulnerability Description

In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mbconnectline	Mbdialup	<= 3.9r0.0

Related Weaknesses (CWE)

CWE-20

References

https://cert.vde.com/de-de/advisories/vde-2021-017Third Party Advisory
https://cert.vde.com/de-de/advisories/vde-2021-017Third Party Advisory

FAQ

What is CVE-2021-33527?

CVE-2021-33527 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the inpu...

How severe is CVE-2021-33527?

CVE-2021-33527 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-33527?

Check the references section above for vendor advisories and patch information. Affected products include: Mbconnectline Mbdialup.