Vulnerability Details CVE-2018-15361
UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 79.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/
- https://www.us-cert.gov/ics/advisories/icsa-20-161-06
- https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-003-ultravnc-buffer-underwrite/
- https://www.us-cert.gov/ics/advisories/icsa-20-161-06
Products affected by CVE-2018-15361
-
cpe:2.3:a:uvnc:ultravnc:1.0.9.6.2
-
cpe:2.3:a:uvnc:ultravnc:1.1.8.9
-
cpe:2.3:a:uvnc:ultravnc:1.1.9.3
-
cpe:2.3:a:uvnc:ultravnc:1.1.9.6
-
cpe:2.3:a:uvnc:ultravnc:1.2.0.5
-
cpe:2.3:a:uvnc:ultravnc:1.2.0.9
-
cpe:2.3:a:uvnc:ultravnc:1.2.1.0
-
cpe:2.3:a:uvnc:ultravnc:1.2.1.2
-
cpe:2.3:a:uvnc:ultravnc:1.2.1.6
-
cpe:2.3:a:uvnc:ultravnc:1.2.1.7
-
cpe:2.3:a:uvnc:ultravnc:1.2.2.2