Vulnerability in Remote Access Software from RealVNC (CVE-2022-41975)
During research, cirosec found a vulnerability in the remote access software from RealVNC.
RealVNC’s remote access and support solution Connect allows accessing and managing devices from anywhere. To access a device, the VNC Viewer software establishes a connection to the VNC server application, which is installed on the system that is to be managed.
The vulnerability identified is located in the Windows installation packages of VNC Viewer and VNC Server and was immediately reported to the manufacturer.
Local Privilege Escalation
An unprivileged attacker can use the repair feature of the Windows installers for VNC Viewer and VNC Server to trigger insecure operations. By skillfully redirecting these operations, the attacker can obtain system privileges.
The vulnerability in the two installation packages is tracked under a single reference, CVE-2022-41975. [1]
CVSS Score
7.8 (CVSS v3) – https://nvd.nist.gov/vuln/detail/CVE-2022-41975
CVSS Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Versions
RealVNC VNC Server, version 5.1.0 to 6.10.1
RealVNC VNC Viewer, version 5.1.0 to 6.22.515
Mitigations
The vulnerability can be fixed by updating to VNC Server version 6.11 and VNC Viewer version 6.22.826.
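To find installations that still need the update, the version ranges above can be checked against a software inventory. The following is an added example, not code from cirosec or RealVNC; the CSV layout and host names are constructed, and the status labels (including the two for versions outside the listed ranges) are this example's own.

```python
import csv
import io

# Ranges copied from the advisory: (first affected, last affected, fixed release).
ADVISORY = {
    "VNC Server": ("5.1.0", "6.10.1", "6.11"),
    "VNC Viewer": ("5.1.0", "6.22.515", "6.22.826"),
}

def parse_version(text):
    """'6.11' -> (6, 11, 0, 0): numeric and zero-padded, so 6.9.0 < 6.10.1."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))

def classify(product, version):
    """Return the advisory status for one installed product/version pair."""
    if product not in ADVISORY:
        return "not-covered"
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    first, last, fixed = (parse_version(x) for x in ADVISORY[product])
    if v < first:
        return "older-than-listed"   # the advisory makes no statement about these
    if v <= last:
        return "affected"
    if v < fixed:
        return "unlisted-below-fix"  # newer than last affected, older than the fix
    return "fixed"

# Constructed sample inventory (hypothetical hosts), e.g. a software-inventory export.
SAMPLE = """host,product,version
ws-014,VNC Viewer,6.22.515
ws-022,VNC Viewer,6.22.826
srv-03,VNC Server,6.9.0
srv-07,VNC Server,6.10.1
srv-09,VNC Server,6.11
ws-031,VNC Viewer,6.22.600
ws-040,VNC Viewer,beta
"""

def scan(inventory_csv):
    """Return (host, product, version, status) for every row that is not 'fixed'."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    checked = ((r, classify(r["product"], r["version"])) for r in rows)
    return [(r["host"], r["product"], r["version"], s) for r, s in checked if s != "fixed"]
```

Comparing the version strings lexically would rank 6.9.0 above 6.10.1 and miss that server; rows reported as `unparseable` or `unlisted-below-fix` need a manual look rather than being treated as safe.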
References
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-41975
Credits
Jan-Luca Gruber (cirosec GmbH)
Timeline
2022-09-11
Initial disclosure of the vulnerability to the vendor
2022-09-12
First response from the vendor
2022-09-15
Vendor confirmed the vulnerability and informed us about the planned patches and the CVE request
2022-09-30
Patches are published, and a CVE is assigned