← Zuruck zu CVEs

CVE-2019-8263

MEDIUM

6.5

Beschreibung

UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206.

CVE Details

CVSS v3.1 Bewertung6.5

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht3/5/2019

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

siemens:sinumerik_access_mymachine\/p2psiemens:sinumerik_pcu_base_win10_software\/ipcsiemens:sinumerik_pcu_base_win7_software\/ipcuvnc:ultravnc

Schwachen (CWE)

CWE-121CWE-787

Referenzen

https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf(vulnerability@kaspersky.com)

https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf(vulnerability@kaspersky.com)

https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf(vulnerability@kaspersky.com)

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/(vulnerability@kaspersky.com)

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/(vulnerability@kaspersky.com)

https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11(vulnerability@kaspersky.com)

https://www.us-cert.gov/ics/advisories/icsa-20-161-06(vulnerability@kaspersky.com)

https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/(af854a3a-2127-422b-91ae-364da2661108)

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/(af854a3a-2127-422b-91ae-364da2661108)

https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11(af854a3a-2127-422b-91ae-364da2661108)

https://www.us-cert.gov/ics/advisories/icsa-20-161-06(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.