Vulnerabilities > CVE-2017-16674 - Unspecified vulnerability in Datto Windows Agent 1.0.5.0

CVSS 8.0 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

high complexity

datto

NVD

Published: 2017-11-09

Updated: 2019-10-03

Summary

Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this "primary/secondary" attack with the CVE-2017-16673 "rogue pairing" attack to achieve unauthenticated access to all agent machines running these older DWA versions.

Vulnerable Configurations

Part	Description	Count
Application	Datto Datto Windows Agent 1.0.5.0	1

References

https://www.datto.com/partner-security-update-nov2017