CVE-2018-10201
CVE-2018-10201
Vexday Risk Score
50Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 45.6%KEV nãoPoC públicaNuclei simMetasploit —Patch —
Lifecycle
20 Apr 2018Published on NVD
23 Apr 2018Public PoC
Weaponization speed
3 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/44497/unverifiedexploitdbwww.exploit-db.com/exploits/44497unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.