0 Replies Latest reply on Jan 21, 2020 3:02 PM by delswick

    Nessus scan -SolarWinds Dameware Mini Remote Control Unauthenticated RCE


      Good afternoon.

      I'm not sure if this question has already been posted. We recently ran a nessus scan and one of the 'critical severity' vulnerabilities is a Dameware MRC RCE.

      It says to apply the v12.1 HF3 or later which I did and on the three workstations that has the Dameware app, the vulnerability was remediated.

      The problem is it say we have 100+ hosts that has this vulnerability, but we only have three Dameware MRC app installed. Upon connecting to a few machines and installing the 'updated agent' this somehow fixes it.


      Aside from remotely connecting to all the remaining hosts individually, is there a better or more efficient way to solve this?



      Dameware MRC cve lists 100+hosts as vulnerable, applied the hotfix3 to the workstations that has the Dameware MRC app.

      Fixed the three workstations, but 100+hosts still vulnerable unless remotely connected individually to apply 'updated agent'.