Описание
ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cybelsoft:thinvnc:1.0:b1:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.77082
Высокий
10 Critical
CVSS3
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 10
github
почти 4 года назад
ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.
EPSS
Процентиль: 99%
0.77082
Высокий
10 Critical
CVSS3
7.5 High
CVSS2
Дефекты
NVD-CWE-Other