CVE-2021-34690

9.8 CRITICAL

📋 TL;DR

CVE-2021-34690 allows unauthenticated remote attackers to bypass cloud authentication in iDrive RemotePC for Windows, enabling them to connect to and control vulnerable systems via TCP ports 5970 and 5980. This affects Windows users running RemotePC versions before 7.6.48.

💻 Affected Systems

Products:
  • iDrive RemotePC
Versions: before 7.6.48
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows versions of RemotePC. Systems must have RemotePC installed and running.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing remote attackers to execute arbitrary commands, steal data, install malware, or use the system as a pivot point for further attacks.

🟠 Likely Case

Unauthorized remote access leading to data theft, surveillance, or ransomware deployment on vulnerable systems.

🟢 If Mitigated

Limited impact if systems are isolated from the internet and proper network segmentation is in place.

🌐 Internet-Facing: HIGH - Systems exposed to the internet with vulnerable RemotePC installations can be directly attacked without authentication.
🏢 Internal Only: MEDIUM - Internal systems could still be compromised by attackers who gain initial access to the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is simple to exploit with publicly available proof-of-concept code, requiring only network access to the vulnerable ports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.6.48 and later

Vendor Advisory: https://www.remotepc.com/release-info

Restart Required: Yes

Instructions:

1. Download and install RemotePC version 7.6.48 or later from the official iDrive website.
2. Restart the system to ensure the update is fully applied.

🔧 Temporary Workarounds

Block vulnerable ports at firewall


Block inbound connections to TCP ports 5970 and 5980 at network firewalls to prevent remote exploitation.

netsh advfirewall firewall add rule name="Block_RemotePC_Ports" dir=in action=block protocol=TCP localport=5970,5980

Disable RemotePC service


Temporarily disable the RemotePC service until patching can be completed.

sc stop RemotePC
sc config RemotePC start= disabled

🧯 If You Can't Patch

  • Isolate affected systems from the internet and restrict network access to only trusted IP addresses.
  • Implement strict network monitoring for connections to TCP ports 5970 and 5980 and investigate any unauthorized access attempts.

🔍 How to Verify

Check if Vulnerable:

Check the RemotePC version in the application interface or via Windows Programs and Features. If the version is earlier than 7.6.48, the system is vulnerable.

Check Version:

wmic product where name="RemotePC" get version

Verify Fix Applied:

Confirm RemotePC version is 7.6.48 or later and test that authentication is required for remote connections.
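The following PowerShell script is an added example (not from this advisory or from iDrive) that automates the checks above: it reads the installed RemotePC version from the Uninstall registry keys, compares it numerically against the fixed build 7.6.48, and lists any listening sockets on TCP 5970/5980. It assumes the product registers an Uninstall entry whose DisplayName contains "RemotePC"; only the version number and port numbers come from the advisory.

```powershell
# Added example: verify RemotePC patch state and port exposure on a Windows host.
# Assumption: RemotePC appears under the standard Uninstall keys with "RemotePC" in DisplayName.
$FixedVersion = [version]'7.6.48'   # first fixed build per the advisory
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-RemotePCInstall {
    # Same data source Programs and Features displays, without relying on deprecated wmic.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*RemotePC*' -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

function Test-RemotePCVulnerable {
    param([Parameter(Mandatory)][string]$DisplayVersion)
    # Compare as [version], not as text: '7.6.5' sorts after '7.6.48' as a string
    # but is an older build numerically and is therefore still vulnerable.
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        throw "Unparseable version string: $DisplayVersion"
    }
    return $parsed -lt $FixedVersion
}

function Get-ExposedRemotePCPorts {
    # Listening sockets on the ports named in the advisory; empty output means
    # nothing is currently accepting connections there.
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 5970, 5980 } |
        Select-Object LocalAddress, LocalPort, OwningProcess
}

$installs = @(Get-RemotePCInstall)
if (-not $installs) {
    Write-Output 'RemotePC not found in the Uninstall registry keys.'
} else {
    foreach ($app in $installs) {
        $vuln  = Test-RemotePCVulnerable -DisplayVersion $app.DisplayVersion
        $state = if ($vuln) { 'VULNERABLE (below 7.6.48)' } else { 'patched' }
        Write-Output ('{0} {1}: {2}' -f $app.DisplayName, $app.DisplayVersion, $state)
    }
}
$exposed = @(Get-ExposedRemotePCPorts)
if ($exposed) {
    Write-Output 'Listening on RemotePC ports 5970/5980:'
    $exposed | Format-Table -AutoSize
}
```

Run it in an elevated PowerShell session so the HKLM keys and socket table are fully readable; a patched host should report "patched" and, if the service is stopped as in the workaround above, no listening sockets.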

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful connections
  • Unexpected remote connections from unfamiliar IP addresses

Network Indicators:

  • Inbound connections to TCP ports 5970/5980 without preceding authentication traffic
  • Unusual outbound traffic patterns from systems running RemotePC

SIEM Query:

source_port=5970 OR source_port=5980 OR dest_port=5970 OR dest_port=5980 | stats count by src_ip, dest_ip
