|Article No°||Product Name||Affected Version(s)|
Multiple Vulnerabilities in a software service of shDIALUP can lead to arbitrary code execution due to improper privilege management.
Update A, 2022-03-28
In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running locally with NT AUTHORITY\SYSTEM that will not correctly ...
A low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with ...
Please consult the CVE entries.
Update shDialup to 3.9R0.5
Noam Moshe of Claroty reported this vulnerability to MB connect line GmbH.