Unauthenticated Remote Code Execution in ThinVNC Version 1.0b1

Unauthenticated Remote Code Execution in ThinVNC Version 1.0b1

CVE-2022-25226 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.

Learn more about our Cis Benchmark Audit For Server Software.