PT-2016-6630 · Ultravnc · Ultravnc Repeater

Dan Tentler +1 · Published 2016-08-25 · Updated 2016-11-28 · CVE-2016-5673

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

UltraVNC Repeater versions prior to 1300

Description

The issue allows remote attackers to obtain open-proxy functionality. This is achieved by using a :: substring in between the IP address and port number, as the software does not restrict destination IP addresses or TCP ports.

Recommendations

For versions prior to 1300, restrict destination IP addresses and TCP ports to prevent open-proxy functionality. As a temporary workaround, consider restricting access to the repeater functionality until a patch is available.
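The destination restriction recommended above can be sketched as an allowlist check applied to the requested destination before the repeater opens any outbound connection. This is an added example, not UltraVNC code: the function names, the allowed network and the port range are constructed, and treating a single colon as a display number (port 5900 + n) follows the common VNC convention and is an assumption here.

```python
import ipaddress
import re

# Constructed policy for this example: the only hosts and TCP ports the
# repeater may connect to on behalf of a viewer.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/28")]
ALLOWED_PORTS = range(5900, 5910)

# Destination forms handled: "ip::port" (the form named in the description)
# and "ip:display" (assumed VNC convention). Hostnames are rejected on
# purpose: they would have to be resolved first and the result checked.
_DEST = re.compile(r"(?P<host>[0-9.]+)(?P<sep>::?)(?P<num>[0-9]{1,5})")


def parse_destination(dest):
    """Return (ip, port) for a destination string, or None if malformed."""
    m = _DEST.fullmatch(dest.strip())
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m["host"])
    except ValueError:
        return None
    num = int(m["num"])
    # "::" carries a literal TCP port; ":" carries a display number.
    port = num if m["sep"] == "::" else 5900 + num
    if not 0 < port <= 65535:
        return None
    return ip, port


def is_allowed(dest):
    """Default deny: permit only allowlisted address and port pairs."""
    parsed = parse_destination(dest)
    if parsed is None:
        return False
    ip, port = parsed
    return port in ALLOWED_PORTS and any(ip in net for net in ALLOWED_NETS)
```

Anything that fails to parse is refused, so a malformed or unexpected destination string never reaches the connect step.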

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2016-5673

Affected Products

Ultravnc Repeater