← voltar
CVE-2019-17662

CVE-2019-17662

EPSS 96.8%
Vexday Risk Score
60Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS EPSS 96.8%KEV nãoPoC públicaNuclei simMetasploit simPatch
Ciclo de vida
16 out 2019Exploit Metasploit disponível
16 out 2019Publicada no NVD
17 out 2019PoC pública
Recomendação: Planejar correção próxima — já existe PoC pública.
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
Produtos afetados
n/a · n/a
PoCs públicas encontradas9
githubgithub.com/MuirlandOracle/CVE-2019-1766219githubgithub.com/whokilleddb/CVE-2019-176622githubgithub.com/bl4ck574r/CVE-2019-176622githubgithub.com/thomas-osgood/CVE-2019-176621githubgithub.com/kxisxr/Bash-Script-CVE-2019-176621githubgithub.com/rajendrakumaryadav/CVE-2019-17662-Exploit1githubgithub.com/Tamagaft/CVE-2019-176620exploitdbwww.exploit-db.com/exploits/47519não verificadocve_referencepacketstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.htmlhttps://github.com/bewest/thinvnc/issues/5https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.pyhttps://redteamzone.com/ThinVNC/