9.8

CVE-2019-8272

EPSS 1.49%
Published 08.03.2019 23:29:00
Last modified 21.11.2024 04:49:37
Source vulnerability@kaspersky.com
Teams watchlist Login
Open Login

UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Uvnc ≫ Ultravnc Version < 1.2.2.3

Siemens ≫ Sinumerik Access Mymachine/p2p Version < 4.8

Siemens ≫ Sinumerik Pcu Base Win10 Software/ipc Version < 14.00

Siemens ≫ Sinumerik Pcu Base Win7 Software/ipc Version <= 12.01

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.49%	0.793

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf

Third Party Advisory

https://www.us-cert.gov/ics/advisories/icsa-20-161-06

Third Party Advisory

US Government Resource

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-019-ultravnc-off-by-one-error/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-8272

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-8272

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-8272

EUVD