CVE-2019-3957

High

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly…

tenable·CWE-20·Published 2019-06-07

CVSS

7.4

EPSS

0.26

KEV

Exploits

cve.orgen

255 chars

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information.

NVDen

255 chars

NVDes

302 chars

Dameware Remote Mini Control versión 12.1.0.34 y anteriores, contiene una sobreimpresión de búfer remoto no autenticado debido a que el servidor no está comprobando correctamente RsaSignatureLen durante la negociación de claves, lo que podría bloquear la aplicación o filtrar información confidencial.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:N/A:P
3.1	Primary	NVD	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H