Lucene search

K

[email protected]NVD:CVE-2019-15681

HistoryOct 29, 2019 - 7:15 p.m.

CVE-2019-15681

2019-10-2919:15:18

CWE-665

[email protected]

web.nvd.nist.gov

3

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.2%

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

Affected configurations

NVD

Node

libvnc_projectlibvncserverRange<0.9.12

Node

canonicalubuntu_linuxMatch14.04lts

OR

canonicalubuntu_linuxMatch16.04esm

OR

canonicalubuntu_linuxMatch16.04lts

OR

canonicalubuntu_linuxMatch18.04lts

OR

canonicalubuntu_linuxMatch18.10

Node

debiandebian_linuxMatch8.0

OR

debiandebian_linuxMatch9.0

Node

siemenssimatic_itc1500Match-

AND

siemenssimatic_itc1500_firmwareRange3.0.0.0–3.2.1.0

Node

siemenssimatic_itc1500_proMatch-

AND

siemenssimatic_itc1500_pro_firmwareRange3.0.0.0–3.2.1.0

Node

siemenssimatic_itc1900Match-

AND

siemenssimatic_itc1900_firmwareRange3.0.0.0–3.2.1.0

Node

siemenssimatic_itc1900_proMatch-

AND

siemenssimatic_itc1900_pro_firmwareRange3.0.0.0–3.2.1.0

Node

siemenssimatic_itc2200Match-

AND

siemenssimatic_itc2200_firmwareRange3.0.0.0–3.2.1.0

Node

siemenssimatic_itc2200_proMatch-

AND

siemenssimatic_itc2200_pro_firmwareRange3.0.0.0–3.2.1.0

References

lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html

lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html

cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf

github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a

lists.debian.org/debian-lts-announce/2019/10/msg00039.html

lists.debian.org/debian-lts-announce/2019/10/msg00042.html

lists.debian.org/debian-lts-announce/2019/11/msg00032.html

lists.debian.org/debian-lts-announce/2019/12/msg00028.html

usn.ubuntu.com/4407-1/

usn.ubuntu.com/4547-1/

usn.ubuntu.com/4573-1/

usn.ubuntu.com/4587-1/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.2%

Related for NVD:CVE-2019-15681

mageia3 veracode1 openvas25 debian4 nessus27 osv8 cvelist1 redhatcve1 debiancve1 prion1 alpinelinux1 virtuozzo1 ubuntucve1 cve1 suse2 ubuntu4 threatpost1 ics1