CVE-2021-42714

7.8 HIGH

📋 TL;DR

Splashtop Remote Client (Business Edition) creates temporary files with insecure permissions, allowing local attackers to write arbitrary files to system directories. This affects all users running vulnerable versions of Splashtop Business Edition on Windows systems.

💻 Affected Systems

Products:
  • Splashtop Remote Client (Business Edition)
Versions: Through 3.4.8.3
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Business Edition, not Personal Edition. Requires local access to the system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to SYSTEM-level access through arbitrary file writes to sensitive locations, potentially leading to full system compromise.

🟠 Likely Case

Local attackers can write malicious files to system directories, enabling persistence mechanisms or privilege escalation.

🟢 If Mitigated

With proper access controls and user privilege restrictions, impact is limited to file writes in user-controlled directories.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: MEDIUM - Internal attackers with local access could exploit this for privilege escalation within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. Proof-of-concept details are available in the Mandiant disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.8.4 and later

Vendor Advisory: https://www.splashtop.com/security

Restart Required: Yes

Instructions:

1. Download the latest version from the Splashtop Business portal.
2. Run the installer as administrator.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

  • Restrict local access (all): Limit physical and remote desktop access to trusted users only
  • Run with limited privileges (windows): Configure Splashtop to run with standard user privileges instead of administrative rights

🧯 If You Can't Patch

  • Remove Splashtop Business Edition from critical systems
  • Implement strict access controls and monitoring for systems with vulnerable versions

🔍 How to Verify

Check if Vulnerable:

Check Splashtop version in About dialog or Program Files\Splashtop Remote Client Business\version.txt

Check Version:

wmic product where name="Splashtop Remote Client Business" get version

Verify Fix Applied:

Verify version is 3.4.8.4 or higher in About dialog
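
The version check above can also be scripted for fleet use by reading the uninstall registry keys, which avoids the Windows Installer consistency check that a `wmic product` (Win32_Product) query triggers. This is an added example, not vendor code; the `Splashtop*Business*` name pattern is an assumption based on the product name in the wmic query, and the function name is hypothetical.

```powershell
# Added example: report installed Splashtop Business client versions and flag
# anything below the fixed release named on this page (3.4.8.4).
$FixedVersion = [version]'3.4.8.4'      # patch version from this page
$NamePattern  = 'Splashtop*Business*'   # assumption: DisplayName resembles the name in the wmic query

# Uninstall keys cover 64-bit, 32-bit (WOW6432Node) and per-user installs.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-SplashtopBusinessStatus {   # hypothetical helper name
    param([version]$Fixed = $FixedVersion, [string]$Pattern = $NamePattern)

    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern } |
        ForEach-Object {
            $parsed = $null
            # DisplayVersion can be missing or non-numeric; report that as
            # Unknown rather than silently treating the host as patched.
            $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
            if (-not $ok) {
                $status = 'Unknown'
            } elseif ($parsed -lt $Fixed) {
                $status = 'Vulnerable'
            } else {
                $status = 'Patched'
            }
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Name     = $_.DisplayName
                Version  = $_.DisplayVersion
                Status   = $status
            }
        }
}

$results = @(Get-SplashtopBusinessStatus)
if ($results.Count -eq 0) {
    Write-Output 'No matching Splashtop Business client found in the uninstall registry keys.'
} else {
    $results | Format-Table -AutoSize
    # Non-zero exit lets a management tool flag hosts that need attention.
    if ($results.Status -contains 'Vulnerable' -or $results.Status -contains 'Unknown') { exit 1 }
}
```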

📡 Detection & Monitoring

Log Indicators:

  • Unusual file creation in system directories by Splashtop processes
  • Multiple temporary file creation attempts

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Process creation where parent_process contains "Splashtop" and command_line contains "temp" or file_path contains "system32"
