Search

Vulnerability in Remote Access Software from RealVNC (CVE-2022-41975)

During research, cirosec found a vulnerability in the remote access software from RealVNC.

RealVNC’s remote access and support solution Connect allows accessing and managing devices from anywhere. To access a device, the VNC Viewer software establishes a connection to the VNC server application, which is installed on the system that is to be managed.

The vulnerability identified is located in the Windows installation packages of VNC Viewer and VNC Server and was immediately reported to the manufacturer.

Local Privilege Escalation

The repair feature in the corresponding Windows installer for VNC Viewer and VNC Server can be used by an unprivileged attacker to cause insecure operations. Skillfully redirecting these operations allows an attacker to obtain system privileges.

The vulnerability in the two installation packages was summarized under the reference CVE-2022-41975. [1]

CVSS Score
7.8 (CVSS v3) – https://nvd.nist.gov/vuln/detail/CVE-2022-41975

CVSS Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Versions
RealVNC VNC Server, version 5.1.0 to 6.10.1
RealVNC VNC Viewer, version 5.1.0 to 6.22.515

Mitigations
The vulnerability can be fixed by updating to VNC Server version 6.11 and VNC Viewer version 6.22.826.

References
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-41975

Credits
Jan-Luca Gruber (cirosec GmbH)

Timeline

Do you want to protect your systems? Get in touch with us.
Search
Search