Vulnerability Name:

CVE-2020-14405 (CCN-183897)

Assigned:2020-04-10
Published:2020-04-10
Updated:2022-03-09
Summary:An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
6.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
6.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
6.2 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-770
CWE-770
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2020-14405

Source: CONFIRM
Type: Patch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf

Source: XF
Type: UNKNOWN
libvncserver-cve202014405-bo(183897)

Source: CCN
Type: LibVNCServer GIT Repository
libvncserver

Source: CCN
Type: LibVNCServer GIT Repository
libvncclient/rfbproto: limit max textchat size

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365

Source: CCN
Type: LibVNCServer GIT Repository
LibVNCServer

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20200630 [SECURITY] [DLA 2264-1] libvncserver security update

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20200828 [SECURITY] [DLA 2347-1] libvncserver security update

Source: UBUNTU
Type: Third Party Advisory
USN-4434-1

Vulnerable Configuration:Configuration 1:
  • cpe:/a:libvnc_project:libvncserver:*:*:*:*:*:*:*:* (Version < 0.9.12)

  • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:* (Version >= 3.0.0.0 and < 3.2.1.0)
  • AND
  • cpe:/h:siemens:simatic_itc1500:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:* (Version >= 3.0.0.0 and < 3.2.1.0)
  • AND
  • cpe:/h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:* (Version >= 3.0.0.0 and < 3.2.1.0)
  • AND
  • cpe:/h:siemens:simatic_itc1900:-:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:* (Version >= 3.0.0.0 and < 3.2.1.0)
  • AND
  • cpe:/h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:* (Version >= 3.0.0.0 and < 3.2.1.0)
  • AND
  • cpe:/h:siemens:simatic_itc2200:-:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:* (Version >= 3.0.0.0 and < 3.2.1.0)
  • AND
  • cpe:/h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:libvncserver:libvncserver:0.9.9:*:*:*:*:*:*:*
  • OR cpe:/a:libvncserver_project:libvncserver:0.9.10:*:*:*:*:*:*:*
  • OR cpe:/a:libvncserver_project:libvncserver:0.9.11:*:*:*:*:*:*:*
  • OR cpe:/a:libvnc_project:libvncserver:0.9.12:-:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.redhat.rhsa:def:20211811
    P
    RHSA-2021:1811: libvncserver security update (Moderate)
    2021-05-18
    BACK
    libvnc_project libvncserver *
    canonical ubuntu linux 14.04
    canonical ubuntu linux 16.04
    canonical ubuntu linux 16.04
    canonical ubuntu linux 18.04
    canonical ubuntu linux 18.10
    debian debian linux 8.0
    debian debian linux 9.0
    siemens simatic itc1500 firmware *
    siemens simatic itc1500 -
    siemens simatic itc1500 pro firmware *
    siemens simatic itc1500 pro -
    siemens simatic itc1900 firmware *
    siemens simatic itc1900 -
    siemens simatic itc1900 pro firmware *
    siemens simatic itc1900 pro -
    siemens simatic itc2200 firmware *
    siemens simatic itc2200 -
    siemens simatic itc2200 pro firmware *
    siemens simatic itc2200 pro -
    libvncserver libvncserver 0.9.9
    libvncserver_project libvncserver 0.9.10
    libvncserver_project libvncserver 0.9.11
    libvnc_project libvncserver 0.9.12 -