Vulnerabilites related to cybelsoft - thinvnc
cve-2022-25226
Vulnerability from cvelistv5
Published
2022-04-18 16:20
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fluidattacks.com/advisories/sinatra/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/sinatra/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinVNC",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0b1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via \u0027http://thin-vnc:8080/cmd?cmd=connect\u0027 by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-18T16:20:44",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://fluidattacks.com/advisories/sinatra/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "help@fluidattacks.com",
"ID": "CVE-2022-25226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinVNC",
"version": {
"version_data": [
{
"version_value": "1.0b1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via \u0027http://thin-vnc:8080/cmd?cmd=connect\u0027 by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fluidattacks.com/advisories/sinatra/",
"refsource": "MISC",
"url": "https://fluidattacks.com/advisories/sinatra/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-25226",
"datePublished": "2022-04-18T16:20:44",
"dateReserved": "2022-02-15T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-17662
Vulnerability from cvelistv5
Published
2019-10-16 17:24
Modified
2024-08-05 01:47
Severity ?
EPSS score ?
Summary
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
References
| ▼ | URL | Tags |
|---|---|---|
| https://redteamzone.com/ThinVNC/ | x_refsource_MISC | |
| https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py | x_refsource_MISC | |
| https://github.com/bewest/thinvnc/issues/5 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redteamzone.com/ThinVNC/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bewest/thinvnc/issues/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T16:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://redteamzone.com/ThinVNC/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bewest/thinvnc/issues/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://redteamzone.com/ThinVNC/",
"refsource": "MISC",
"url": "https://redteamzone.com/ThinVNC/"
},
{
"name": "https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py",
"refsource": "MISC",
"url": "https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py"
},
{
"name": "https://github.com/bewest/thinvnc/issues/5",
"refsource": "MISC",
"url": "https://github.com/bewest/thinvnc/issues/5"
},
{
"name": "http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17662",
"datePublished": "2019-10-16T17:24:07",
"dateReserved": "2019-10-16T00:00:00",
"dateUpdated": "2024-08-05T01:47:13.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-10-16 18:15
Modified
2024-11-21 04:32
Severity ?
Summary
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/bewest/thinvnc/issues/5 | Third Party Advisory | |
| cve@mitre.org | https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py | Broken Link | |
| cve@mitre.org | https://redteamzone.com/ThinVNC/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bewest/thinvnc/issues/5 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://redteamzone.com/ThinVNC/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybelsoft:thinvnc:1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "78FF286A-9DE2-4B98-B97B-ADCE15C80256",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector."
},
{
"lang": "es",
"value": "ThinVNC versi\u00f3n 1.0b1, es vulnerable a la lectura arbitraria de archivos, lo que conlleva a un compromiso del servidor VNC. La vulnerabilidad se presenta incluso cuando la autenticaci\u00f3n se activa durante la implementaci\u00f3n del servidor VNC. La contrase\u00f1a para la autenticaci\u00f3n es almacenada en texto sin cifrar en un archivo que se puede leer por medio de un vector de ataque de salto de directorio de ../../ThinVnc.ini."
}
],
"id": "CVE-2019-17662",
"lastModified": "2024-11-21T04:32:43.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-16T18:15:25.513",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bewest/thinvnc/issues/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://redteamzone.com/ThinVNC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bewest/thinvnc/issues/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://redteamzone.com/ThinVNC/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 06:51
Severity ?
Summary
ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| help@fluidattacks.com | https://fluidattacks.com/advisories/sinatra/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fluidattacks.com/advisories/sinatra/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybelsoft:thinvnc:1.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "78FF286A-9DE2-4B98-B97B-ADCE15C80256",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via \u0027http://thin-vnc:8080/cmd?cmd=connect\u0027 by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server."
},
{
"lang": "es",
"value": "ThinVNC versi\u00f3n 1.0b1, permite a un usuario no autenticado omitir el proceso de autenticaci\u00f3n por medio de \"http://thin-vnc:8080/cmd?cmd=connect\" al obtener un SID v\u00e1lido sin ning\u00fan tipo de autenticaci\u00f3n. Es posible lograr una ejecuci\u00f3n de c\u00f3digo en el servidor mediante el env\u00edo de eventos de teclado o rat\u00f3n al servidor"
}
],
"id": "CVE-2022-25226",
"lastModified": "2024-11-21T06:51:50.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-18T17:15:16.693",
"references": [
{
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fluidattacks.com/advisories/sinatra/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://fluidattacks.com/advisories/sinatra/"
}
],
"sourceIdentifier": "help@fluidattacks.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}