CVE-2021-33526

CWE-269 IMPROPER PRIVILEGE MANAGMENT:
A low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service.

Risk Information

  • CVE ID
  • CVE-2021-33526
  • Vendor
  • MB Connect Line
  • Product
  • mbDIALUP
  • CVSS v3
  • 7.8