9.8
CVE-2019-8272
- EPSS 1.49%
- Veröffentlicht 08.03.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:49:37
- Quelle vulnerability@kaspersky.com
- Teams Watchlist Login
- Unerledigt Login
UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siemens ≫ Sinumerik Access Mymachine/p2p Version < 4.8
Siemens ≫ Sinumerik Pcu Base Win10 Software/ipc Version < 14.00
Siemens ≫ Sinumerik Pcu Base Win7 Software/ipc Version <= 12.01
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.49% | 0.793 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-193 Off-by-one Error
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.