← volver
CVE-2019-17662

CVE-2019-17662

EPSS 96.8%
Vexday Risk Score
60Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS EPSS 96.8%KEV nãoPoC públicaNuclei simMetasploit simPatch
Ciclo de vida
16 oct 2019Exploit Metasploit disponible
16 oct 2019Publicada en NVD
17 oct 2019PoC pública
Recomendación: Planificar corrección próxima — ya existe PoC pública.
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
Productos afectados
n/a · n/a
PoCs públicas encontradas9
githubgithub.com/MuirlandOracle/CVE-2019-1766219githubgithub.com/whokilleddb/CVE-2019-176622githubgithub.com/bl4ck574r/CVE-2019-176622githubgithub.com/thomas-osgood/CVE-2019-176621githubgithub.com/kxisxr/Bash-Script-CVE-2019-176621githubgithub.com/rajendrakumaryadav/CVE-2019-17662-Exploit1githubgithub.com/Tamagaft/CVE-2019-176620exploitdbwww.exploit-db.com/exploits/47519no verificadocve_referencepacketstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.htmlno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.htmlhttps://github.com/bewest/thinvnc/issues/5https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.pyhttps://redteamzone.com/ThinVNC/