9.8
CRITICAL
CVE-2019-17662
ThinVNC Remote File Read Vulnerability
Description

ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.

INFO

Published Date :

Oct. 16, 2019, 6:15 p.m.

Last Modified :

Nov. 21, 2024, 4:32 a.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
Public PoC/Exploit Available at Github

CVE-2019-17662 has a 29 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2019-17662 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Cybelsoft thinvnc
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2019-17662.

URL Resource
http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html Exploit Third Party Advisory VDB Entry
https://github.com/bewest/thinvnc/issues/5 Third Party Advisory
https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py Broken Link
https://redteamzone.com/ThinVNC/ Exploit Third Party Advisory
http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html Exploit Third Party Advisory VDB Entry
https://github.com/bewest/thinvnc/issues/5 Third Party Advisory
https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py Broken Link
https://redteamzone.com/ThinVNC/ Exploit Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
lions2012/Penetration_Testing_POC

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Assembly Python Shell PHP C++ C Go Ruby HTML Java

Updated: 2 months, 2 weeks ago
7 stars 0 fork 0 watcher
Born at : Feb. 7, 2024, 2:08 p.m. This repo has been linked 305 different CVEs too.
Profile Photo
iluaster/getdrive_PoC

PoC. Severity critical.

Shell Ruby Python PHP

Updated: 1 year, 7 months ago
0 stars 1 fork 1 watcher
Born at : Aug. 10, 2023, 8:31 p.m. This repo has been linked 18 different CVEs too.
Profile Photo
getdrive/PoC

PoC. Severity critical.

cve-2023-1671 cve-2023-27350 cve-2023-2868 cve-2023-3519 cve-2023-34960 exploit poc cve-2023-28121 cve-2023-28771 cve-2023-35885 cve-2023-38646 cve-2023-34124 citrix sonicwall cve-2023-4596 cve-2023-26469 cve-2023-23333 ivanti cve-2023-40044 cve-2023-22515

Shell Python Ruby PHP

Updated: 3 months ago
69 stars 16 fork 16 watcher
Born at : Aug. 5, 2023, 11:02 a.m. This repo has been linked 38 different CVEs too.
Profile Photo
medarov411/vnc-lab-cve-2019-17662

None

CSS HTML JavaScript

Updated: 5 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : June 22, 2023, 11:19 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
thomas-osgood/CVE-2019-17662

Golang implementation of ThinVNC exploit CVE-2019-17662. For educational purposes only.

Go

Updated: 3 months, 3 weeks ago
1 stars 0 fork 0 watcher
Born at : May 19, 2023, 3:12 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
xuetusummer/Penetration_Testing_POC

None

Assembly Python Shell PHP C++ C Go Ruby HTML Java

Updated: 2 months, 3 weeks ago
9 stars 4 fork 4 watcher
Born at : Nov. 25, 2022, 2:30 a.m. This repo has been linked 270 different CVEs too.
Profile Photo
bl4ck574r/CVE-2019-17662

None

Python

Updated: 2 years, 3 months ago
2 stars 0 fork 0 watcher
Born at : Sept. 13, 2022, 9:53 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
MajortomVR/exploits

None

Python

Updated: 6 months ago
0 stars 0 fork 0 watcher
Born at : Aug. 3, 2022, 12:51 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
Tamagaft/CVE-2019-17662

Golang implementation of CVE-2019-17662 TinyVNC Arbitrary File Read leading to Authentication Bypass Exploit

Go

Updated: 2 years, 8 months ago
0 stars 0 fork 0 watcher
Born at : June 19, 2022, 4:33 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
ZTK-009/Penetration_PoC

None

Assembly Python Shell PHP C++ C Go

Updated: 6 months, 1 week ago
1 stars 0 fork 0 watcher
Born at : April 8, 2022, 10:20 a.m. This repo has been linked 126 different CVEs too.
Profile Photo
winterwolf32/CVE-S---Penetration_Testing_POC-

None

Assembly Python Shell PHP C++ C Go Ruby HTML Java

Updated: 2 months, 2 weeks ago
15 stars 10 fork 10 watcher
Born at : Jan. 27, 2022, 9:53 a.m. This repo has been linked 193 different CVEs too.
Profile Photo
CnHack3r/Penetration_PoC

FROM:@Mr-xn 渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

exploit cve cobaltstrike rce bypass cms-framework cms-exploits sql-scanner

Assembly Python Shell PHP C++ C Go

Updated: 5 months, 2 weeks ago
19 stars 7 fork 7 watcher
Born at : Jan. 11, 2022, 7:35 a.m. This repo has been linked 126 different CVEs too.
Profile Photo
rajendrakumaryadav/CVE-2019-17662-Exploit

Exploit For CVE-2019-17662

C CMake

Updated: 3 years, 4 months ago
1 stars 0 fork 0 watcher
Born at : Oct. 18, 2021, 8:26 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
rnbochsr/atlas

TryHackMe room atlas

Python PowerShell C++ C

Updated: 3 years, 5 months ago
0 stars 2 fork 2 watcher
Born at : Oct. 8, 2021, 3:31 p.m. This repo has been linked 3 different CVEs too.
Profile Photo
whokilleddb/CVE-2019-17662

Exploit for CVE-2019-17662 (ThinVNC 1.0b1)

exploit cve poc cve-2019-17662 thinvnc

Makefile C

Updated: 3 years, 4 months ago
1 stars 1 fork 1 watcher
Born at : Oct. 2, 2021, 3:57 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2019-17662 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2019-17662 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html
    Added Reference https://github.com/bewest/thinvnc/issues/5
    Added Reference https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py
    Added Reference https://redteamzone.com/ThinVNC/
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CWE Remap by [email protected]

    Aug. 24, 2020

    Action Type Old Value New Value
    Changed CWE CWE-22 CWE-522 CWE-22
  • Initial Analysis by [email protected]

    Oct. 21, 2019

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html No Types Assigned http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html Exploit, Third Party Advisory, VDB Entry
    Changed Reference Type https://github.com/bewest/thinvnc/issues/5 No Types Assigned https://github.com/bewest/thinvnc/issues/5 Third Party Advisory
    Changed Reference Type https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py No Types Assigned https://github.com/shashankmangal2/Exploits/blob/master/ThinVNC-RemoteAccess/POC.py Broken Link
    Changed Reference Type https://redteamzone.com/ThinVNC/ No Types Assigned https://redteamzone.com/ThinVNC/ Exploit, Third Party Advisory
    Added CWE NIST CWE-22
    Added CPE Configuration OR *cpe:2.3:a:cybelsoft:thinvnc:1.0:b1:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Oct. 17, 2019

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html [No Types Assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2019-17662 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2019-17662 weaknesses.

CAPEC-64: Using Slashes and URL Encoding Combined to Bypass Validation Logic Using Slashes and URL Encoding Combined to Bypass Validation Logic CAPEC-76: Manipulating Web Input to File System Calls Manipulating Web Input to File System Calls CAPEC-78: Using Escaped Slashes in Alternate Encoding Using Escaped Slashes in Alternate Encoding CAPEC-79: Using Slashes in Alternate Encoding Using Slashes in Alternate Encoding CAPEC-126: Path Traversal Path Traversal CAPEC-50: Password Recovery Exploitation Password Recovery Exploitation CAPEC-102: Session Sidejacking Session Sidejacking CAPEC-474: Signature Spoofing by Key Theft Signature Spoofing by Key Theft CAPEC-509: Kerberoasting Kerberoasting CAPEC-551: Modify Existing Service Modify Existing Service CAPEC-555: Remote Services with Stolen Credentials Remote Services with Stolen Credentials CAPEC-560: Use of Known Domain Credentials Use of Known Domain Credentials CAPEC-561: Windows Admin Shares with Stolen Credentials Windows Admin Shares with Stolen Credentials CAPEC-600: Credential Stuffing Credential Stuffing CAPEC-644: Use of Captured Hashes (Pass The Hash) Use of Captured Hashes (Pass The Hash) CAPEC-645: Use of Captured Tickets (Pass The Ticket) Use of Captured Tickets (Pass The Ticket) CAPEC-652: Use of Known Kerberos Credentials Use of Known Kerberos Credentials CAPEC-653: Use of Known Operating System Credentials Use of Known Operating System Credentials
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

94.86 }} -0.00%

score

0.99482

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: