CVE-2020-14397 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Vendor	Product	Version
libvnc_project	libvncserver	𝑥 ≤ 0.9.12
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
canonical	ubuntu_linux	20.04
debian	debian_linux	8.0
debian	debian_linux	9.0
siemens	simatic_itc1500_firmware	3.0.0.0 ≤ 𝑥 < 3.2.1.0
siemens	simatic_itc1500_pro_firmware	3.0.0.0 ≤ 𝑥 < 3.2.1.0
siemens	simatic_itc1900_firmware	3.0.0.0 ≤ 𝑥 < 3.2.1.0
siemens	simatic_itc1900_pro_firmware	3.0.0.0 ≤ 𝑥 < 3.2.1.0
siemens	simatic_itc2200_firmware	3.0.0.0 ≤ 𝑥 < 3.2.1.0
siemens	simatic_itc2200_pro_firmware	3.0.0.0 ≤ 𝑥 < 3.2.1.0
opensuse	leap	15.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libvncserver

bullseye	0.9.13+dfsg-2+deb11u1 fixed
sid	0.9.14+dfsg-1 fixed
trixie	0.9.14+dfsg-1 fixed
bookworm	0.9.14+dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libvncserver

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	Fixed 0.9.12+dfsg-9ubuntu0.2 released
eoan	ignored
bionic	Fixed 0.9.11+dfsg-1ubuntu1.3 released
xenial	Fixed 0.9.10+dfsg-3ubuntu0.16.04.5 released
trusty	dne

veyon

noble	needs-triage
mantic	ignored
lunar	ignored
kinetic	ignored
jammy	needs-triage
impish	ignored
hirsute	ignored
groovy	ignored
focal	needs-triage
eoan	ignored
bionic	dne
xenial	dne
trusty	dne

vino

noble	Fixed 3.22.0-6ubuntu2 released
mantic	Fixed 3.22.0-6ubuntu2 released
lunar	Fixed 3.22.0-6ubuntu2 released
kinetic	Fixed 3.22.0-6ubuntu2 released
jammy	Fixed 3.22.0-6ubuntu2 released
impish	Fixed 3.22.0-6ubuntu2 released
hirsute	Fixed 3.22.0-6ubuntu2 released
groovy	Fixed 3.22.0-6ubuntu2 released
focal	Fixed 3.22.0-5ubuntu2.1 released
bionic	Fixed 3.22.0-3ubuntu1.1 released
xenial	Fixed 3.8.1-0ubuntu9.3 released
trusty	dne

x11vnc

noble	needs-triage
mantic	ignored
lunar	ignored
kinetic	ignored
jammy	needs-triage
impish	ignored
hirsute	ignored
groovy	ignored
focal	needs-triage
eoan	ignored
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html

https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf

https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0

https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13

https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html

https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html

https://usn.ubuntu.com/4434-1/

https://usn.ubuntu.com/4573-1/

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html

https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf

https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0

https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13

https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html

https://lists.debian.org/debian-lts-announce/2020/08/msg00045.html

https://usn.ubuntu.com/4434-1/

https://usn.ubuntu.com/4573-1/