CVE-2019-8267

{"id": "CVE-2019-8267", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-03-08T23:29:00.593", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf", "source": "vulnerability@kaspersky.com"}, {"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-014-ultravnc-out-of-bounds-read/", "tags": ["Third Party Advisory"], "source": "vulnerability@kaspersky.com"}, {"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06", "source": "vulnerability@kaspersky.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-014-ultravnc-out-of-bounds-read/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "vulnerability@kaspersky.com", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208."}, {"lang": "es", "value": "UltraVNC, en su revisi\u00f3n 1207, tiene una vulnerabilidad de lectura fuera de l\u00edmites en el c\u00f3digo VNC del cliente dentro del m\u00f3dulo \"TextChat\", lo que resulta en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Este ataque parece ser explotable mediante la conectividad de red. Esta vulnerabilidad se ha solucionado en la revisi\u00f3n 1208."}], "lastModified": "2024-11-21T04:49:36.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "555D034F-3D64-4ED1-9B63-F8D59199E99C", "versionEndExcluding": "1.2.2.3"}], "operator": "OR"}]}], "sourceIdentifier": "vulnerability@kaspersky.com"}