Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2020-26117

Published: 27/09/2020 Updated: 16/11/2022
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Subscribe to Tigervnc

Vulnerability Summary

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC prior to 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

tigervnc tigervnc

debian debian linux 9.0

opensuse leap 15.2

Vendor Advisories

Debian CVElist Bug Report Logs: tigervnc-viewer: CVE-2020-26117: VNC viewer certificate exceptions are mistakenly handled as certificate authorities
Debian Bug report logs - #971272 tigervnc-viewer: CVE-2020-26117: VNC viewer certificate exceptions are mistakenly handled as certificate authorities Package: tigervnc-viewer; Maintainer for tigervnc-viewer is TigerVNC Packaging Team <pkg-tigervnc-devel@listsaliothdebianorg>; Source for tigervnc-viewer is src:tigervnc (PTS, build ...

References

CWE-295https://github.com/TigerVNC/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cbhttps://github.com/TigerVNC/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cbahttps://github.com/TigerVNC/tigervnc/releases/tag/v1.11.0https://github.com/TigerVNC/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6ehttps://bugzilla.opensuse.org/show_bug.cgi?id=1176733https://github.com/TigerVNC/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562bhttps://lists.debian.org/debian-lts-announce/2020/10/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-11/msg00024.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971272https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991CVE-2024-32674path traversalCVE-2023-21987denial of servicedosCVE-2024-4647CVE-2024-25519CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook