CVE-2018-10201
published 2018-04-20


Priority P271 | high 7.5 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 45.63% (98.6th percentile)
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
ncomputing | vspace_pro | |
ncomputing | vspace_pro | |

Detection & IOCs (extracted from sources)

url: http://your_vSpace_server:8667/.../.../.../.../.../.../.../.../.../windows/win.ini
url: http://your_vSpace_server:8667/...\...\...\...\...\...\...\...\...\windows\win.ini
url: http://your_vSpace_server:8667/..../..../..../..../..../..../..../..../..../windows/win.ini
url: http://your_vSpace_server:8667/....\....\....\....\....\....\....\....\....\windows\win.ini
path: /windows/win.ini
process: NcMonitorServer.exe
  • Exploitation requires no credentials; any unauthenticated GET request to port 8667 with traversal patterns should be treated as suspicious.
  • Confirm successful exploitation by checking HTTP response body for win.ini content markers: 'bit app support', 'fonts', and 'extensions' all present simultaneously.
  • Use nmap to identify exposed NcMonitorServer instances: scan for TCP port 8667 open on hosts running NComputing vSpace Pro.
  • The traversal depth used in the PoC is 9 levels deep (nine traversal segments) before reaching the target file path; shallower traversal attempts may not escape the web root.
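
The detection notes above, turned into a log check. This is an added example, not code from the advisory or from NComputing. The log line format, the function names and the sample lines are constructed assumptions, and the matcher generalizes the listed patterns to any path segment made only of two or more dots.

```python
import re
from urllib.parse import unquote

# A path segment consisting only of 2+ dots, bounded by / or \ : covers "../"
# and the ".../", "...\", "..../", "....\" patterns listed for this CVE.
TRAVERSAL = re.compile(r"(?:^|[/\\])\.{2,}(?=[/\\]|$)")

# Constructed log format (an assumption, not NcMonitorServer's own):
#   <src_ip> <dst_port> "<METHOD> <URI>" <status>
LINE = re.compile(r'^(\S+) (\d+) "(\S+) (.*)" (\d{3})$')

# Markers the page gives for win.ini content in a response body.
WIN_INI_MARKERS = ("bit app support", "fonts", "extensions")

SAMPLE_LOG = r'''
10.0.0.5 8667 "GET /index.html" 200
10.0.0.9 8667 "GET /.../.../.../.../.../.../.../.../.../windows/win.ini" 200
10.0.0.9 8667 "GET /....\....\....\....\....\....\....\....\....\windows\win.ini" 200
10.0.0.7 8667 "GET /docs/v1...beta/readme.txt" 200
10.0.0.8 443 "GET /.../.../etc" 404
'''.strip().splitlines()  # constructed sample data


def traversal_segments(uri):
    """Count dot-only path segments in a URI after URL-decoding it once."""
    return len(TRAVERSAL.findall(unquote(uri)))


def scan(lines, port=8667):
    """Return (src_ip, segment_count, status) for flagged requests to `port`."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed format
        src, dport, _method, uri, status = m.groups()
        count = traversal_segments(uri)
        if int(dport) == port and count:
            hits.append((src, count, int(status)))
    return hits


def body_is_win_ini(body):
    """True when all three markers appear together (case-insensitive here)."""
    lowered = body.lower()
    return all(marker in lowered for marker in WIN_INI_MARKERS)


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A flagged request with a 200 status is a candidate for the response-body check; apply `body_is_win_ini` to the captured body where a proxy or packet capture retains it.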

CVSS provenance

nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N