CVE-2019-9017

7.5 HIGH

📋 TL;DR

This vulnerability in SolarWinds DameWare Mini Remote Control allows attackers to cause a buffer overflow by manipulating the machine name size field. This can lead to denial of service or potentially arbitrary code execution. Organizations using the affected version of this remote administration tool are at risk.

💻 Affected Systems

Products:
  • SolarWinds DameWare Mini Remote Control
Versions: 10.0 x64
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the DWRCC component in the 64-bit version

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise and lateral movement within the network

🟠 Likely Case: Denial of service causing the DameWare service to crash, disrupting remote administration capabilities

🟢 If Mitigated: Service disruption only, with no privilege escalation or lateral movement

🌐 Internet-Facing: MEDIUM - While the service may be internet-facing, exploitation requires specific conditions and knowledge of the target
🏢 Internal Only: HIGH - Internal attackers or compromised systems could exploit this to disrupt IT operations

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists and demonstrates denial of service. Code execution may require additional development.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later versions (check SolarWinds for specific fixed version)

Vendor Advisory: https://www.solarwinds.com/securityadvisory

Restart Required: Yes

Instructions:

1. Check current DameWare version
2. Download latest version from SolarWinds portal
3. Install update following vendor instructions
4. Restart affected systems

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Restrict access to DameWare services to trusted networks only

Use firewall rules to block external access to DameWare ports (typically 6129)

Service Disablement (platform: windows)

Temporarily disable DameWare services if not critically needed

sc stop "DameWare Mini Remote Control"
sc config "DameWare Mini Remote Control" start= disabled

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Monitor for crash events in DameWare service logs

🔍 How to Verify

Check if Vulnerable:

Check installed version of DameWare Mini Remote Control. Version 10.0 x64 is vulnerable.

Check Version:

Check the program version in Control Panel > Programs and Features, or run:

wmic product where "name like '%DameWare%'" get version

Verify Fix Applied:

Verify installed version is newer than 10.0 x64 and test service functionality

📡 Detection & Monitoring

Log Indicators:

  • DameWare service crashes
  • Unexpected termination of dwrcs.exe or dwmrcs.exe processes

Network Indicators:

  • Unusual traffic to DameWare ports (typically 6129)
  • Malformed packets targeting the service

SIEM Query:

EventID: 1000 OR 1001 with Source: dwrcs.exe OR dwmrcs.exe
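
The SIEM query above, written as a local PowerShell check over the Windows Application log. This is an added example, not part of the original advisory or vendor guidance; the seven-day look-back window and the three-crashes-per-hour threshold are assumptions to tune for your environment.

```powershell
# Added example: find crash events (IDs 1000/1001) that name the DameWare
# binaries listed under Log Indicators on this page.
$binaries = 'dwrcs.exe', 'dwmrcs.exe'     # process names taken from this page
$since    = (Get-Date).AddDays(-7)        # assumed look-back window

$filter = @{
    LogName   = 'Application'
    Id        = 1000, 1001
    StartTime = $since
}

# Get-WinEvent raises an error when nothing matches; suppress it so an
# empty result is simply an empty list.
$crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        $msg = $_.Message
        $msg -and ($binaries | Where-Object { $msg -match [regex]::Escape($_) })
    })

# One line per crash, oldest first, with the first line of the event text.
$crashes |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, ProviderName, MachineName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap

# Repeated crashes within the same hour are worth correlating with
# inbound traffic to the DameWare port (typically 6129).
$crashes |
    Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH') } |
    Where-Object Count -ge 3 |            # assumed threshold
    Select-Object @{ Name = 'Hour'; Expression = { $_.Name } }, Count
```

Run it from an elevated prompt on the host being checked; an empty result means no matching crash events were logged in the window.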
