Vulnerability Details : CVE-2019-17662
Public exploit exists!
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
Vulnerability category: Directory traversal
Products affected by CVE-2019-17662
- cpe:2.3:a:cybelsoft:thinvnc:1.0:b1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-17662
EPSS score: 95.75% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2019-17662
- ThinVNC Directory Traversal
  Disclosure Date: 2019-10-16
  First seen: 2020-04-26
  Module: auxiliary/scanner/http/thinvnc_traversal
  This module exploits a directory traversal vulnerability in ThinVNC versions 1.0b1 and prior which allows unauthenticated users to retrieve arbitrary files, including the ThinVNC configuration file. This module has been tested successfully on ThinVNC versions 1.0b1
CVSS scores for CVE-2019-17662
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2019-17662
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  Assigned by: nvd@nist.gov (Primary)
- The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-17662
- http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html
  ThinVNC 1.0b1 Authentication Bypass ≈ Packet Storm
  Tags: Exploit; Third Party Advisory; VDB Entry
- https://github.com/bewest/thinvnc/issues/5
  Authentication Bypass and Arbitrary file read can compromise this VNC server · Issue #5 · bewest/thinvnc · GitHub
  Tags: Third Party Advisory
- https://redteamzone.com/ThinVNC/
  ThinVNC Client Authentication Bypass
  Tags: Exploit; Third Party Advisory