How severe is CVE-2019-8268?

CVE-2019-8268 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2019-8268

9.8CRITICAL

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. T

Publicado: 3/8/2019Atualizado: 11/21/2024

Descrição

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.

Análise IADesenvolvido por IA

Produtos Afetados

uvncultravnc

siemenssinumerik_access_mymachine\/p2p

siemenssinumerik_pcu_base_win10_software\/ipc

siemenssinumerik_pcu_base_win7_software\/ipc

Referências

https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
Third Party Advisory
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-015-ultravnc-off-by-one-error/
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-161-06
Third Party AdvisoryUS Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
Third Party Advisory
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-015-ultravnc-off-by-one-error/
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-161-06
Third Party AdvisoryUS Government Resource