PT-2019-5272 · Ultravnc · Ultravnc
Published: 2019-03-01 · Updated: 2021-06-28
CVE-2019-8275
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
UltraVNC versions prior to revision 1212
UltraVNC revision 1211
Description
The issue is caused by insufficient input validation in the UltraVNC software, which is part of the TelevisGo monitoring, control, and remote maintenance block for commercial cold production. This can allow a remote attacker to execute arbitrary code. The vulnerability is due to multiple improper null termination issues in the VNC server code, which result in out-of-bounds data access by remote users. The attack is exploitable over the network.
Recommendations
For UltraVNC revision 1211, update to revision 1212 or later to resolve the issue.
For UltraVNC versions prior to revision 1212, update to revision 1212 or later to fix the vulnerabilities.
As a temporary workaround, consider restricting network connectivity to the VNC server until the update is applied.
Fix
Improper Access Control
Affected Products
Ultravnc