Filtered by vendor Idrive
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34691 | 2 Idrive, Linux | 2 Remotepc, Linux Kernel | 2021-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port. | |||||
| CVE-2021-34692 | 2 Idrive, Microsoft | 2 Remotepc, Windows | 2021-07-26 | 7.2 HIGH | 7.8 HIGH |
| iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges. | |||||
| CVE-2020-15351 | 2 Idrive, Microsoft | 2 Idrive, Windows | 2020-07-06 | 7.2 HIGH | 7.8 HIGH |
| IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one. | |||||