ID CVE-2019-15679
Summary TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
References
Vulnerable Configurations
  • cpe:2.3:a:tightvnc:tightvnc:1.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:tightvnc:tightvnc:1.3.10:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 09-12-2020 - 17:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf
misc https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08
mlist
  • [debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update
  • [oss-security] 20181210 libvnc and tightvnc vulnerabilities
Last major update 09-12-2020 - 17:15
Published 29-10-2019 - 19:15
Last modified 09-12-2020 - 17:15
Back to Top