Vulnerabilities > CVE-2017-16674 - Unspecified vulnerability in Datto Windows Agent 1.0.5.0

CVSS 4.9 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

datto

NVD

Published: 2017-11-09

Updated: 2019-10-03

Summary

Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this "primary/secondary" attack with the CVE-2017-16673 "rogue pairing" attack to achieve unauthenticated access to all agent machines running these older DWA versions.

Vulnerable Configurations

Part	Description	Count
Application	Datto Datto Windows Agent 1.0.5.0	1

References

https://www.datto.com/partner-security-update-nov2017