CVE-2019-8268

CRITICAL

UltraVNC <1206 - RCE

Title source: llm
STIX 2.1

Description

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.

References (3)

Scores

CVSS v3 9.8
EPSS 0.0140
EPSS Percentile 80.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-193
Status published
Products (4)
siemens/sinumerik_access_mymachine\/p2p < 4.8
siemens/sinumerik_pcu_base_win10_software\/ipc < 14.00
siemens/sinumerik_pcu_base_win7_software\/ipc < 12.01
uvnc/ultravnc < 1.2.2.3
Published Mar 08, 2019
Tracked Since Feb 18, 2026