PT-2021-20649 · Idrive · Idrive Remotepc

Published

2021-07-15

Updated

2021-08-03

CVE-2021-34690

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: iDrive RemotePC versions prior to 7.6.48

Description: The issue allows a remote and unauthenticated attacker to bypass cloud authentication, enabling them to connect and control a system. This is achieved via TCP port 5970 and 5980.

Recommendations: For versions prior to 7.6.48, update to version 7.6.48 or later to resolve the issue. As a temporary workaround, consider restricting access to TCP ports 5970 and 5980 to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2021-34690

Affected Products

Idrive Remotepc

PT-2021-20649 · Idrive · Idrive Remotepc

CVE-2021-34690

Weakness Enumeration

Related Identifiers

Affected Products

References · 5