Idrive

idrive

7 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-34692 1Idrive 1Remotepc Nov 21, 2024 Jul 15, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges.
CVE-2021-34691 1Idrive 1Remotepc Nov 21, 2024 Jul 15, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port.
CVE-2021-34690 1Idrive 1Remotepc Nov 21, 2024 Jul 15, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 5970 and 5980.
CVE-2021-34689 1Idrive 1Remotepc Nov 21, 2024 Jul 15, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files.
CVE-2021-34688 1Idrive 1Remotepc Nov 21, 2024 Jul 15, 2021 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryptio...Show more iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker.Show less
CVE-2021-34687 1Idrive 1Remotepc Nov 21, 2024 Jul 15, 2021 N/A· v4 5.3 MEDIUM· v3 2.9 LOW· v2 iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the ne...Show more iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher.Show less
CVE-2020-15351 1Idrive 1Idrive Nov 21, 2024 Jun 26, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the cont...Show more IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one.Show less