Vulnerabilities > CVE-2022-25226 - Unspecified vulnerability in Cybelsoft Thinvnc 1.0

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cybelsoft

critical

NVD

Published: 2022-04-18

Updated: 2023-08-08

Summary

ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.

Vulnerable Configurations

Part	Description	Count
Application	Cybelsoft Cybelsoft Thinvnc 1.0	1

References

https://fluidattacks.com/advisories/sinatra/