彙總 idrive 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 檔案包含與拒絕服務,在 軟體部署與生產負載 使用場景中可能帶來 檔案覆寫與未授權存取 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2021-34692 | iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges. | [email protected] | 7.8 | 0.06% | 2021-07-15 | 2024-11-21 |
| CVE-2021-34691 | iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port. | [email protected] | 7.5 | 0.53% | 2021-07-15 | 2024-11-21 |
| CVE-2021-34690 | iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 5970 and 5980. | [email protected] | 9.8 | 0.95% | 2021-07-15 | 2024-11-21 |
| CVE-2021-34689 | iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files. | [email protected] | 5.5 | 0.07% | 2021-07-15 | 2024-11-21 |
| CVE-2021-34688 | iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker. | [email protected] | 3.3 | 0.07% | 2021-07-15 | 2024-11-21 |
| CVE-2021-34687 | iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher. | [email protected] | 5.3 | 0.05% | 2021-07-15 | 2024-11-21 |
| CVE-2020-15351 | IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one. | [email protected] | 7.8 | 0.03% | 2020-06-26 | 2024-11-21 |