Javier Bernardo

Name of the Vulnerable Software and Affected Versions: NComputing vSpace Pro versions 10 through 11 Description: A security issue in NcMonitorServer.exe allows reading arbitrary files outside the web server's root directory. This can be exploited remotely via a crafted URL to TCP port 8667, using directory-traversal patterns such as `../` or `..`. The issue can be exploited without credentials. Recommendations: For NComputing vSpace Pro versions 10 through 11, consider restricting access to TCP port 8667 until a fix is available. As a temporary workaround, limit the use of the NcMonitorServer.exe service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.