Description
An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present.
References (3)
Core 3
Core References
Not Applicable
https://github.com/NyaMeeEain/Infrastructure-Assessment/blob/master/Privilege%20Escalation/Common%20Windows%20Privilege%20Escalation.md
Third Party Advisory, VDB Entry
https://packetstormsecurity.com/files/170794/mRemoteNG-1.76.20-Privilege-Escalation.html
Issue Tracking
https://github.com/mRemoteNG/mRemoteNG/issues/2338
Scores
CVSS v3
7.8
EPSS
0.0037
EPSS Percentile
28.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
mremoteng/mremoteng
1.76.20
Published
Feb 02, 2023
Tracked Since
Feb 18, 2026