nvd-json-data-feeds/CVE-2023/CVE-2023-472xx/CVE-2023-47251.json

{
  "id": "CVE-2023-47251",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-11-22T18:15:08.930",
  "lastModified": "2023-11-27T22:15:08.037",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem."
    },
    {
      "lang": "es",
      "value": "En mprivacy-tools anterior a 2.0.406g en m-privacy TightGate-Pro Server, un Directory Traversal en la funci\u00f3n de impresi\u00f3n del servicio VNC permite a atacantes autenticados (con acceso a una sesi\u00f3n de VNC) transferir autom\u00e1ticamente documentos PDF maliciosos movi\u00e9ndolos al directorio .spool y luego env\u00eda una se\u00f1al al servicio VNC, que los transfiere autom\u00e1ticamente al sistema de archivos del cliente VNC conectado."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "http://seclists.org/fulldisclosure/2023/Nov/13",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://www.m-privacy.de/en/tightgate-pro-safe-surfing/",
      "source": "cve@mitre.org"
    }
  ]
}