Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/clapton/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2022-05-20T11:02:49
Updated: 2022-05-20T20:15:41
Reserved: 2022-02-15T00:00:00
Link: CVE-2022-25227
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-20T12:15:10.930
Modified: 2022-06-01T15:11:27.273
Link: CVE-2022-25227
JSON object: View
Redhat Information
No data.
CWE