CVE-2022-24750 – Low privilege user is able to exploit the service and gain SYSTEM privileges in UltraVNC server
https://notcve.org/view.php?id=CVE-2022-24750
UltraVNC is free and open source remote PC access software. A vulnerability has been found in the DSM plugin module in versions prior to 1.3.8.0 that allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.1. Users unable to upgrade should not install and run UltraVNC server as a service.
• https://github.com/bowtiejicode/UltraVNC-DSMPlugin-LPE
• https://github.com/ultravnc/UltraVNC/commit/36a31b37b98f70c1db0428f5ad83170d604fb352
• https://github.com/ultravnc/UltraVNC/security/advisories/GHSA-3mvp-cp5x-vj5g
• CWE-269: Improper Privilege Management
CVE-2019-8280
https://notcve.org/view.php?id=CVE-2019-8280
UltraVNC revision 1203 has an out-of-bounds access vulnerability in the VNC client inside the RAW decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204.
• https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf
• https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer
• https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11
• https://www.us-cert.gov/ics/advisories/icsa-20-161-06
• CWE-125: Out-of-bounds Read
• CWE-787: Out-of-bounds Write
• CWE-788: Access of Memory Location After End of Buffer
CVE-2019-8277
https://notcve.org/view.php?id=CVE-2019-8277
UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
• https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf
• https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-024-ultravnc-improper-initialization
• https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11
• https://www.us-cert.gov/ics/advisories/icsa-20-161-06
• CWE-665: Improper Initialization
CVE-2019-8276
https://notcve.org/view.php?id=CVE-2019-8276
UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside the file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
• https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
• https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow
• https://www.us-cert.gov/ics/advisories/icsa-20-161-06
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2019-8275
https://notcve.org/view.php?id=CVE-2019-8275
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bounds data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
• https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf
• https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-022-ultravnc-improper-null-termination
• https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11
• https://www.us-cert.gov/ics/advisories/icsa-20-161-06
• CWE-170: Improper Null Termination