CVE-2019-8261

{"id": "CVE-2019-8261", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-03-05T15:29:00.443", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf", "source": "vulnerability@kaspersky.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf", "source": "vulnerability@kaspersky.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf", "source": "vulnerability@kaspersky.com"}, {"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-007-ultravnc-out-of-bound-read/", "tags": ["Third Party Advisory"], "source": "vulnerability@kaspersky.com"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11", "source": "vulnerability@kaspersky.com"}, {"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06", "source": "vulnerability@kaspersky.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-007-ultravnc-out-of-bound-read/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "vulnerability@kaspersky.com", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200."}, {"lang": "es", "value": "UltraVNC, en su revisi\u00f3n 1199, contiene una vulnerabilidad de lectura fuera de l\u00edmites en el c\u00f3digo VNC dentro del decodificador del cliente CoRRE, provocado por el desbordamiento de multiplicaciones. Este ataque parece ser explotable mediante la conectividad de red. Esto se ha solucionado en la revisi\u00f3n 1200."}], "lastModified": "2024-11-21T04:49:35.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C", "versionEndExcluding": "1.2.2.3"}], "operator": "OR"}]}], "sourceIdentifier": "vulnerability@kaspersky.com"}