CVE-2018-20019

LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Patch Third Party Advisory
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/	Broken Link
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201908-05	Third Party Advisory
https://usn.ubuntu.com/3877-1/	Third Party Advisory
https://usn.ubuntu.com/4547-1/	Third Party Advisory
https://usn.ubuntu.com/4587-1/	Third Party Advisory
https://www.debian.org/security/2019/dsa-4383	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf	Patch Third Party Advisory
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/	Broken Link
https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201908-05	Third Party Advisory
https://usn.ubuntu.com/3877-1/	Third Party Advisory
https://usn.ubuntu.com/4547-1/	Third Party Advisory
https://usn.ubuntu.com/4587-1/	Third Party Advisory
https://www.debian.org/security/2019/dsa-4383	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:00

Type	Values Removed	Values Added
References	~~() https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf - Patch, Third Party Advisory~~	() https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf - Patch, Third Party Advisory
References	~~() https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/ - Broken Link~~	() https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/ - Broken Link
References	~~() https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html - Mailing List, Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html - Mailing List, Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html - Mailing List, Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html - Mailing List, Third Party Advisory
References	~~() https://security.gentoo.org/glsa/201908-05 - Third Party Advisory~~	() https://security.gentoo.org/glsa/201908-05 - Third Party Advisory
References	~~() https://usn.ubuntu.com/3877-1/ - Third Party Advisory~~	() https://usn.ubuntu.com/3877-1/ - Third Party Advisory
References	~~() https://usn.ubuntu.com/4547-1/ - Third Party Advisory~~	() https://usn.ubuntu.com/4547-1/ - Third Party Advisory
References	~~() https://usn.ubuntu.com/4587-1/ - Third Party Advisory~~	() https://usn.ubuntu.com/4587-1/ - Third Party Advisory
References	~~() https://www.debian.org/security/2019/dsa-4383 - Third Party Advisory~~	() https://www.debian.org/security/2019/dsa-4383 - Third Party Advisory

Information

Published : 2018-12-19 16:29

Updated : 2024-11-21 04:00

NVD link : CVE-2018-20019

Mitre link : CVE-2018-20019

CVE.ORG link : CVE-2018-20019

JSON object : View

Products Affected

siemens

simatic_itc1900_pro
simatic_itc1900
simatic_itc1500_firmware
simatic_itc1500_pro
simatic_itc2200
simatic_itc1500_pro_firmware
simatic_itc2200_pro
simatic_itc2200_firmware
simatic_itc2200_pro_firmware
simatic_itc1500
simatic_itc1900_pro_firmware
simatic_itc1900_firmware

debian

debian_linux

libvnc_project

libvncserver

canonical

ubuntu_linux

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2018-20019", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-12-19T16:29:00.343", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf", "tags": ["Patch", "Third Party Advisory"], "source": "vulnerability@kaspersky.com"}, {"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/", "tags": ["Broken Link"], "source": "vulnerability@kaspersky.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "vulnerability@kaspersky.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "vulnerability@kaspersky.com"}, {"url": "https://security.gentoo.org/glsa/201908-05", "tags": ["Third Party Advisory"], "source": "vulnerability@kaspersky.com"}, {"url": "https://usn.ubuntu.com/3877-1/", "tags": ["Third Party Advisory"], "source": "vulnerability@kaspersky.com"}, {"url": "https://usn.ubuntu.com/4547-1/", "tags": ["Third Party Advisory"], "source": "vulnerability@kaspersky.com"}, {"url": "https://usn.ubuntu.com/4587-1/", "tags": ["Third Party Advisory"], "source": "vulnerability@kaspersky.com"}, {"url": "https://www.debian.org/security/2019/dsa-4383", "tags": ["Third Party Advisory"], "source": "vulnerability@kaspersky.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201908-05", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3877-1/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/4547-1/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/4587-1/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2019/dsa-4383", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution"}, {"lang": "es", "value": "LibVNC antes del commit con ID a83439b9fbe0f03c48eb94ed05729cb016f8b72f contiene m\u00faltiples vulnerabilidades de escritura de memoria din\u00e1mica (heap) fuera de l\u00edmites en el c\u00f3digo del cliente VNC que pueden resultar en la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2024-11-21T04:00:46.013", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEF1BF44-78B8-44E3-9A5A-29AB8111322B", "versionEndExcluding": "0.9.12"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A664216-EEA0-423F-8E11-59C746FDEEFE", "versionEndExcluding": "3.2.1.0", "versionStartIncluding": "3.0.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9596C8CD-B03F-4E9D-82AB-0986FDD1B47C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD78291E-48D8-4718-AE14-BDF93BD557D7", "versionEndExcluding": "3.2.1.0", "versionStartIncluding": "3.0.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5BB898D3-07A3-42A1-8F1B-53C3B005982D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD1209DE-2724-493D-8276-1BE959BFE6BF", "versionEndExcluding": "3.2.1.0", "versionStartIncluding": "3.0.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A9143A6-A93A-45CA-8A1F-6EE30647B54A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92F7FC17-F19F-4BD6-9704-49B67D22B532", "versionEndExcluding": "3.2.1.0", "versionStartIncluding": "3.0.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D34BD13-4E71-48A2-851D-AE7CE2A03C28"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE4A6F13-385B-4A13-B8D8-3BBC4E9D5B67", "versionEndExcluding": "3.2.1.0", "versionStartIncluding": "3.0.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3E63E423-7450-4043-B33B-3FFF5BBE1CB2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71A51CA4-1A62-47BC-99A3-4DC9F3986FF5", "versionEndExcluding": "3.2.1.0", "versionStartIncluding": "3.0.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD278558-AB0E-4FC1-9E5B-6B57D29CB86A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vulnerability@kaspersky.com"}

9.8 /10