PT-2021-20540 · Microsoft · Windows

Simon Bieber

Published

2021-06-10

Updated

2021-06-22

CVE-2021-34546

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: NetSetMan Pro versions prior to 5.0

Description: An unauthenticated attacker with physical access to a computer, where the pre-logon profile switch button within the Windows logon screen is enabled, can drop to an administrative shell and execute arbitrary commands as SYSTEM via the "save log to file" feature by navigating to cmd.exe.

Recommendations: For versions prior to 5.0, update to version 5.0 or later to resolve the issue. As a temporary workaround, consider disabling the pre-logon profile switch button within the Windows logon screen to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2021-34546

Affected Products

Windows

PT-2021-20540 · Microsoft · Windows

CVE-2021-34546

Weakness Enumeration

Related Identifiers

Affected Products

References · 8