Ncomputing · Ncomputing Vspace Pro · CVE-2018-10201
Name of the Vulnerable Software and Affected Versions:
NComputing vSpace Pro versions 10 through 11
Description:
A security issue in NcMonitorServer.exe allows reading arbitrary files outside the web server's root directory. This can be exploited remotely via a crafted URL to TCP port 8667, using directory-traversal patterns such as `../` or `..`. The issue can be exploited without credentials.
Recommendations:
For NComputing vSpace Pro versions 10 through 11, consider restricting access to TCP port 8667 until a fix is available. As a temporary workaround, limit the use of the NcMonitorServer.exe service to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.