Описание
OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacker with network access to the proxy server could leverage this vulnerability to connect to VNC servers protected by the proxy server without providing any authentication credentials. Exploitation of this issue requires that the proxy server is currently accepting connections for the target VNC server.
Ссылки
- https://cert.grnet.gr/en/blog/cve-2022-36436-twisted-vnc-authentication-proxy-authentication-bypass/ExploitPatch
- Patch
- Release Notes
- Product
- https://cert.grnet.gr/en/blog/cve-2022-36436-twisted-vnc-authentication-proxy-authentication-bypass/ExploitPatch
- Patch
- Release Notes
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.0 (исключая)
cpe:2.3:a:osuosl:twisted_vnc_authentication_proxy:*:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00138
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-287
CWE-287
Связанные уязвимости
CVSS3: 9.8
github
почти 3 года назад
VNCAuthProxy authentication bypass vulnerability
EPSS
Процентиль: 35%
0.00138
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-287
CWE-287