CVE-2019-17662

EPSS 96.8%

Vexday Risk Score

60Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 96.8%KEV nãoPoC públicaNuclei simMetasploit simPatch —

Lifecycle

16 Oct 2019Metasploit module available

16 Oct 2019Published on NVD

17 Oct 2019Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.

Affected products

n/a · n/a

public PoCs found — 9

githubgithub.com/MuirlandOracle/CVE-2019-17662★ 19 githubgithub.com/whokilleddb/CVE-2019-17662★ 2 githubgithub.com/bl4ck574r/CVE-2019-17662★ 2 githubgithub.com/thomas-osgood/CVE-2019-17662★ 1 githubgithub.com/kxisxr/Bash-Script-CVE-2019-17662★ 1 githubgithub.com/rajendrakumaryadav/CVE-2019-17662-Exploit★ 1 githubgithub.com/Tamagaft/CVE-2019-17662★ 0 exploitdbwww.exploit-db.com/exploits/47519unverified cve_referencepacketstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.htmlunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html https://github.com/bewest/thinvnc/issues/5 https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py https://redteamzone.com/ThinVNC/