Live Webinar:

Join us Apr. 1st for a Town Hall as Robert M. Lee shares insights from his testimony before the U.S. House of Representatives Subcommittee on Cybersecurity and Infrastructure Protection.

Skip to main content
Security Advisory

RemotePC Vulnerabilities

Risk Information

Possible Threat

CVE ID

CVE-2021-34687

CVE-2021-34688

CVE-2021-34689

CVE-2021-34690

CVE-2021-34691

CVE-2021-34692

Vunerability Type

Personal Key sent over the network in a recoverable form

Personal Key stored encrypted with static key

Plaintext Personal Key in log files

Cloud authentication bypass

Remote denial of service

Privilege escalation to SYSTEM

CVSS3 Score

5.3

5.3

5.5

8.8

7.5

7.8

CVSSv3 Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affecting

  • RemotePC for Windows before 7.6.48
  • RemotePC for Linux before 4.0.1
  • Mitigation

    Update RemotePC for Windows to 7.6.48 or later. Update RemotePC for Linux to 4.0.1 or later.

    06/17/2021