CVE-2021-47771
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cinspiration | rdp_manager | 4.9.9.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47771 is a local denial of service vulnerability in RDP Manager version 4.9.9.3. It occurs because the application does not restrict the size of input in the 'Verbindungsname' (connection name) and 'Server' fields. A local attacker with privileged access can enter excessively large strings (up to 1024 characters) into these fields, causing the application to freeze, crash, and become permanently unusable. The corrupted data can also be introduced by modifying exported backup files containing the SQLite database and re-importing them, which similarly causes persistent crashes. Recovery requires a full reinstallation and manual deletion of corrupted database files. [1, 2]
How can this vulnerability impact me? :
This vulnerability can cause the RDP Manager software to freeze and crash permanently, resulting in a denial of service. The application becomes unusable until it is fully reinstalled and corrupted database files are manually deleted. This disruption can affect users who rely on RDP Manager for managing remote desktop connections, potentially causing loss of productivity and requiring time-consuming recovery steps. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the RDP Manager version 4.9.9.3 is installed and by attempting to add or inspect entries in the 'Verbindungsname' and 'Server' fields for oversized input strings (up to 1024 characters). There are no specific network detection commands since the vulnerability is local and requires local privileged access. Detection involves local inspection or testing by entering large strings in the connection input fields or by exporting and examining the SQLite database file 'sqLitedatabase.db3' for malformed entries. No specific command-line tools or commands are provided for detection. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting local privileged access to trusted users only, avoiding entering oversized strings in the 'Verbindungsname' and 'Server' fields, and not importing modified or suspicious backup files containing the SQLite database. If the application crashes due to this vulnerability, recovery requires a full reinstallation of RDP Manager 4.9.9.3 and manual deletion of the corrupted SQLite database file 'sqLitedatabase.db3'. Additionally, monitoring and controlling local user actions can help prevent exploitation. [1, 2]