CVE-2022-25226

2022-04-1816:20:44

Fluid Attacks

www.cve.org

10 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.6%

JSON

ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via ‘http://thin-vnc:8080/cmd?cmd=connect’ by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.

CNA Affected

[
  {
    "product": "ThinVNC",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "1.0b1"
      }
    ]
  }
]

References

fluidattacks.com/advisories/sinatra/