CVE-2020-5734

Name of the Vulnerable Software and Affected Versions SolarWinds Dameware version 12.1 Hotfix 3

Description The issue is a classic buffer overflow that allows a remote, unauthenticated attacker to cause a denial of service. This is achieved by sending a large SigPubkeyLen during the ECDH key exchange, resulting in a buffer over-read/write condition in the DWRCRSA.dll module.

Recommendations For SolarWinds Dameware version 12.1 Hotfix 3, as a temporary workaround, consider restricting access to the ECDH key exchange functionality until a patch is available. Additionally, avoid using the SigPubkeyLen variable in the affected key exchange process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.