QwikSec

Security Database

CVE

CWE

Training

CVE-2021-33436

Published: Apr 28, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/active-labs/Advisories/blob/master/2021/ACTIVE-2021-001.md

x_refsource_MISC

https://knowledgebase.nomachine.com/TR05S10236

x_refsource_MISC

https://knowledgebase.nomachine.com/SU05S00224

x_refsource_MISC

https://knowledgebase.nomachine.com/SU05S00223

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.