UltraVNC w/ DSM Plugin Detection

medium Nessus Plugin ID 19289
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

A remote control service is running on this port.

Description

UltraVNC seems to be running on the remote port.

Upon connection, the remote service on this port always sends the same 12 pseudo-random bytes.

It is probably UltraVNC with the old DSM encryption plugin. This plugin tunnels the RFB protocol into a RC4-encrypted stream.

This old protocol does not use a random IV so the RC4 pseudo random flow is reused from one session to another. An authenticated user could leverage this issue to decrypt other users' sessions.

Solution

If this service is not needed, disable it or filter incoming traffic to this port. Otherwise, upgrade UltraVNC and use one of the new and safer plugins which implement a random IV.

Plugin Details

Severity: Medium

ID: 19289

File Name: ultravnc_dsm_detect.nasl

Version: 1.20

Type: remote

Published: 7/24/2005

Updated: 11/22/2019

Dependencies: find_service1.nasl, vnc.nasl

Asset Inventory: true

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*