CVE-2019-8272

UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

Published: Mar 9, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-8272
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-193

Affected Software
References

Software	From	Fixed in
uvnc / ultravnc	-	1.2.2.3
siemens / sinumerik_pcu_base_win7_software/ipc	-	12.01.x
siemens / sinumerik_pcu_base_win10_software/ipc	-	14.00
siemens / sinumerik_access_mymachine/p2p	-	4.8

https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-019-ultravnc-off-by-one-error/
https://www.us-cert.gov/ics/advisories/icsa-20-161-06

Vulnerability Database

CVE-2019-8272