Vulnerability Details : CVE-2006-2369
Public exploit exists!
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
Vulnerability category: BypassGain privilege
Products affected by CVE-2006-2369
- cpe:2.3:a:vnc:realvnc:4.1.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-2369
97.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2006-2369
-
RealVNC NULL Authentication Mode Bypass
Disclosure Date: 2006-05-15First seen: 2020-04-26auxiliary/admin/vnc/realvnc_41_bypassThis module exploits an Authentication bypass Vulnerability in RealVNC Server version 4.1.0 and 4.1.1. It sets up a proxy listener on LPORT and proxies to the target server The AUTOVNC option requires that vncviewer be installed on the attacking machine. -
VNC Authentication None Detection
First seen: 2020-04-26auxiliary/scanner/vnc/vnc_none_authDetect VNC servers that support the "None" authentication method. Authors: - Matteo Cantoni <goony@nothink.org> - jduck <jduck@metasploit.com>
CVSS scores for CVE-2006-2369
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2006-2369
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-2369
-
Red Hat 2006-08-16This issue only affected version 4.1.1 and not the versions distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
References for CVE-2006-2369
-
http://www.kb.cert.org/vuls/id/117929
VU#117929 - RealVNC Server does not validate client authentication methodPatch;Third Party Advisory;US Government Resource
-
http://www.securityfocus.com/archive/1/434015/100/0/threaded
-
http://www.vupen.com/english/advisories/2006/2492
Site en constructionVendor Advisory
-
http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html
VNC Flaw – Proof of concept | Remote Administration For WindowsExploit;Patch
-
http://www.vupen.com/english/advisories/2006/1790
Site en constructionVendor Advisory
-
http://www.securityfocus.com/archive/1/438175/100/0/threaded
-
http://www.securityfocus.com/archive/1/434518/100/0/threaded
-
http://securityreason.com/securityalert/8355
RealVNC Authentication Bypass - CXSecurity.com
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/26445
RealVNC authentication bypass CVE-2006-2369 Vulnerability Report
-
http://marc.info/?l=full-disclosure&m=114768344111131&w=2
'[Full-disclosure] RealVNC 4.1.1 Remote Compromise' - MARC
-
http://www.realvnc.com/products/free/4.1/release-notes.html
Benefits | VNC® ConnectPatch
-
http://www.securityfocus.com/bid/17978
RealVNC Remote Authentication Bypass VulnerabilityExploit;Patch
-
http://marc.info/?l=vnc-list&m=114755444130188&w=2
'Version 4.1.2' - MARC
-
http://seclists.org/fulldisclosure/2022/May/29
Full Disclosure: some details regarding CVE-2022-24422 / iDRAC VNC authentication
-
http://www.vupen.com/english/advisories/2006/1821
Site en constructionVendor Advisory
-
http://www.securityfocus.com/archive/1/434560/100/0/threaded
-
http://www.securityfocus.com/archive/1/434117/100/0/threaded
-
http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml
Cisco: Software, Network, and Cybersecurity Solutions - Cisco
-
http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html
Security flaw in RealVNC 4.1.1 | Remote Administration For Windows
-
http://securitytracker.com/id?1016083
Access DeniedExploit;Patch
-
http://www.securityfocus.com/archive/1/438368/100/0/threaded
-
http://www.securityfocus.com/archive/1/433994/100/0/threaded
Jump to