CVE-2021-31217
SolarWinds DameWare Mini Remote Control vulnerability analysis and mitigation

Overview

In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allowed file deletion with system-level access. The vulnerability was assigned CVE-2021-31217 and was disclosed in July 2021 (SolarWinds Advisory).

Technical details

The vulnerability stems from insecure folder permissions of the Dameware Mini Remote Control Service installation. When a repair was initiated by the Windows Installer, the insecure permissions allowed privileged system-level file deletion. The vulnerability was rated as High severity (Rapid7).

Impact

The vulnerability could allow an attacker with local access to delete files with SYSTEM privileges, potentially impacting system availability and integrity (CVE Mitre).

Mitigation and workarounds

SolarWinds addressed this vulnerability in Dameware version 12.2. Due to improved security standards, Dameware 12.2 is not compatible with older agent versions. Users must remove existing agents and install version 12.2 either through the application or via the agent installer (SolarWinds Release Notes).

This report was generated using AI
