
CVSS: 7.5  EPSS: 97%  CPEs: 1  EXPL: 7

RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.

Detect VNC servers that support the "None" authentication method.

• https://www.exploit-db.com/exploits/1791
https://www.exploit-db.com/exploits/1794
https://www.exploit-db.com/exploits/36932
https://www.exploit-db.com/exploits/17719
http://marc.info/?l=full-disclosure&m=114768344111131&w=2
http://marc.info/?l=vnc-list&m=114755444130188&w=2
http://seclists.org/fulldisclosure/2022/May/29
http://secunia.com/advisories/20107
http://secunia.com/advisories/20109
http://secunia.com/advisories/20789
http://securityreason.com/securityalert
• CWE-287: Improper Authentication

CVSS: 5.0  EPSS: 1%  CPEs: 1  EXPL: 2

RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900.

• http://marc.info/?l=bugtraq&m=109346198700529&w=2
http://secunia.com/advisories/13143
http://www.securityfocus.com/bid/11048
https://exchange.xforce.ibmcloud.com/vulnerabilities/17123