CVE-2019-8276

UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf	Third Party Advisory
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow/	Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-161-06	Third Party Advisory US Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf	Third Party Advisory
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow/	Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-20-161-06	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:siemens:sinumerik_access_mymachine\/p2p::::::::
	cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\/ipc::::::::
	cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\/ipc::::::::

History

21 Nov 2024, 04:49

Type	Values Removed	Values Added
References	~~() https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf - Third Party Advisory~~	() https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf - Third Party Advisory
References	~~() https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow/ - Third Party Advisory~~	() https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow/ - Third Party Advisory
References	~~() https://www.us-cert.gov/ics/advisories/icsa-20-161-06 - Third Party Advisory, US Government Resource~~	() https://www.us-cert.gov/ics/advisories/icsa-20-161-06 - Third Party Advisory, US Government Resource

Information

Published : 2019-03-08 23:29

Updated : 2024-11-21 04:49

NVD link : CVE-2019-8276

Mitre link : CVE-2019-8276

CVE.ORG link : CVE-2019-8276

JSON object : View

Products Affected

siemens

sinumerik_pcu_base_win7_software\/ipc
sinumerik_access_mymachine\/p2p
sinumerik_pcu_base_win10_software\/ipc

uvnc

ultravnc

CWE

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-8276

7.5^/10

5.0^/10

Attach tags to `CVE-2019-8276`