CVE-2022-24750Improper Privilege Management in Ultravnc

CWE-269Improper Privilege Management3 documents2 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 71.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
UltravncUvnc Ultravnc
Timeline
PublishedMar 10
Latest updateApr 15

Description

UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.1. Users unable to upgrade should not install and run UltraVNC server as a service. It is adv

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDuvnc/ultravnc< 1.3.8.1
CVEListV5ultravnc/ultravnc< 1.3.8.0

Patches

Patch: github.comPatch: github.comPatch: github.com

📋Vendor Advisories

2
Oracle
Oracle Oracle Blockchain Platform Risk Matrix: BCS Console (jackson-databind) — CVE-2020-247502022-04-15
Oracle
Oracle Oracle Communications Applications Risk Matrix: PresenceApi (jackson-databind) — CVE-2020-247502022-01-15