Security Advisory

RemotePC Vulnerabilities

Risk Information

Possible Threat

CVE ID

CVE-2021-34687

CVE-2021-34688

CVE-2021-34689

CVE-2021-34690

CVE-2021-34691

CVE-2021-34692

Vunerability Type

Personal Key sent over the network in a recoverable form

Personal Key stored encrypted with static key

Plaintext Personal Key in log files

Cloud authentication bypass

Remote denial of service

Privilege escalation to SYSTEM

CVSS3 Score

5.3

5.5

8.8

7.5

7.8

CVSSv3 Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

RemotePC for Windows before 7.6.48

RemotePC for Linux before 4.0.1

Update RemotePC for Windows to 7.6.48 or later. Update RemotePC for Linux to 4.0.1 or later.

06/17/2021