CVE-2020-14396 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 81%

Affected Products (NVD)

Vendor	Product	Version
libvnc_project	libvncserver	𝑥 ≤ 0.9.12
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
canonical	ubuntu_linux	20.04
debian	debian_linux	8.0
debian	debian_linux	9.0
siemens	simatic_itc1500_firmware	3.0.0.0 ≤ 𝑥 < 3.2.1.0
siemens	simatic_itc1500_pro_firmware	3.0.0.0 ≤ 𝑥 < 3.2.1.0
siemens	simatic_itc1900_firmware	3.0.0.0 ≤ 𝑥 < 3.2.1.0
siemens	simatic_itc1900_pro_firmware	3.0.0.0 ≤ 𝑥 < 3.2.1.0
siemens	simatic_itc2200_firmware	3.0.0.0 ≤ 𝑥 < 3.2.1.0
siemens	simatic_itc2200_pro_firmware	3.0.0.0 ≤ 𝑥 < 3.2.1.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libvncserver

bookworm	0.9.14+dfsg-1 fixed
bullseye	0.9.13+dfsg-2+deb11u1 fixed
buster	not-affected
jessie	not-affected
sid	0.9.14+dfsg-1 fixed
stretch	not-affected
trixie	0.9.14+dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libvncserver

bionic	not-affected
eoan	not-affected
focal	Fixed 0.9.12+dfsg-9ubuntu0.2 released
groovy	not-affected
hirsute	not-affected
impish	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	dne
xenial	not-affected

veyon

bionic	dne
eoan	ignored
focal	needs-triage
groovy	ignored
hirsute	ignored
impish	ignored
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needs-triage
trusty	dne
xenial	dne

x11vnc

bionic	needs-triage
eoan	ignored
focal	needs-triage
groovy	ignored
hirsute	ignored
impish	ignored
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needs-triage
trusty	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf

https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553

https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13

https://usn.ubuntu.com/4434-1/

https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf

https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553

https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13

https://usn.ubuntu.com/4434-1/