CVE-2006-2369

CVSS V2 High 7.5 CVSS V3 None
Description
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
Overview
  • CVE ID
  • CVE-2006-2369
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2006-05-15T16:06:00
  • Last Modified Date
  • 2022-05-13T18:15:08
Weakness Enumerations
CWE URL
CWE-287 http://cwe.mitre.org/data/definitions/287.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:vnc:realvnc:4.1.1:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 7.5
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html
http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html Exploit Patch
http://www.realvnc.com/products/free/4.1/release-notes.html Patch
http://www.kb.cert.org/vuls/id/117929 Patch Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/17978 Exploit Patch
http://securitytracker.com/id?1016083 Exploit Patch
http://secunia.com/advisories/20107 Patch Vendor Advisory
http://secunia.com/advisories/20109 Patch Vendor Advisory
http://www.osvdb.org/25479
http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml
http://secunia.com/advisories/20789 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1790 Vendor Advisory
http://www.vupen.com/english/advisories/2006/2492 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1821 Vendor Advisory
http://securityreason.com/securityalert/8355
http://marc.info/?l=vnc-list&m=114755444130188&w=2
http://marc.info/?l=full-disclosure&m=114768344111131&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/26445
http://www.securityfocus.com/archive/1/438368/100/0/threaded
http://www.securityfocus.com/archive/1/438175/100/0/threaded
http://www.securityfocus.com/archive/1/434560/100/0/threaded
http://www.securityfocus.com/archive/1/434518/100/0/threaded
http://www.securityfocus.com/archive/1/434117/100/0/threaded
http://www.securityfocus.com/archive/1/434015/100/0/threaded
http://www.securityfocus.com/archive/1/433994/100/0/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2006-2369
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2369
History
Created Old Value New Value Data Type Notes
2022-05-10 18:08:10 Added to TrackCVE