Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2022-36436

Published: 14/09/2022 Updated: 13/02/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Twisted Vnc Authentication Proxy

Vulnerability Summary

OSU Open Source Lab VNCAuthProxy up to and including 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacker with network access to the proxy server could leverage this vulnerability to connect to VNC servers protected by the proxy server without providing any authentication credentials. Exploitation of this issue requires that the proxy server is currently accepting connections for the target VNC server.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

osuosl twisted vnc authentication proxy

Github Repositories

https://github.com/mam-dev/security-constraints

Fetches security vulnerabilities and creates pip-constraints based on them.

security-constraints Security-constraints is a command-line application used to fetch security vulnerabilities in Python packages from external sources and from them generate version constraints for the packages The constraints can then be given to pip install with the -c option, either on the command line or in a requirements file Installation Just install it with pip: pip i

References

CWE-287https://github.com/osuosl/twisted_vncauthproxy/commit/edc149af29242178091b2d6fcd42c3ef0851644bhttps://github.com/osuosl/twisted_vncauthproxy/tree/release/1.1.1https://pypi.org/project/VNCAuthProxy/https://cert.grnet.gr/en/blog/cve-2022-36436-twisted-vnc-authentication-proxy-authentication-bypass/https://nvd.nist.govhttps://github.com/mam-dev/security-constraints
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook