Vulnerability Details : CVE-2002-1511
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.
Threat overview for CVE-2002-1511
Top countries where our scanners detected CVE-2002-1511
Top open port discovered on systems with this issue
21
IPs affected by CVE-2002-1511 6
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2002-1511!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2002-1511
Probability of exploitation activity in the next 30 days: 0.79%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-1511
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2002-1511
-
http://www.securityfocus.com/bid/6905
-
http://www.redhat.com/support/errata/RHSA-2003-068.html
-
http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog
-
http://www.iss.net/security_center/static/11384.php
Vendor Advisory
-
http://security.gentoo.org/glsa/glsa-200302-15.xml
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
-
http://www.redhat.com/support/errata/RHSA-2003-041.html
Patch;Vendor Advisory
-
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
Products affected by CVE-2002-1511
- cpe:2.3:a:att:vnc:3.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:att:vnc:3.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:att:vnc:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:att:vnc:3.3.3r2:*:*:*:*:*:*:*
- cpe:2.3:a:att:vnc:3.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:tightvnc:tightvnc:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:tightvnc:tightvnc:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:tightvnc:tightvnc:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:tightvnc:tightvnc:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:tightvnc:tightvnc:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:tightvnc:tightvnc:1.2.2:*:*:*:*:*:*:*