During research, cirosec found a vulnerability in the remote access software from RealVNC.
RealVNC’s remote access and support solution Connect allows accessing and managing devices from anywhere. To access a device, the VNC Viewer software establishes a connection to the VNC server application, which is installed on the system that is to be managed.
The vulnerability identified is located in the Windows installation packages of VNC Viewer and VNC Server and was immediately reported to the manufacturer.
An unprivileged attacker can use the repair feature of the Windows installer for VNC Viewer and VNC Server to trigger insecure operations. By skillfully redirecting these operations, the attacker can obtain system privileges.
The vulnerability in both installation packages is tracked under a single reference, CVE-2022-41975. [1]
CVSS Score
7.8 (CVSS v3) – https://nvd.nist.gov/vuln/detail/CVE-2022-41975
CVSS Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Versions
RealVNC VNC Server, version 5.1.0 to 6.10.1
RealVNC VNC Viewer, version 5.1.0 to 6.22.515
Mitigations
The vulnerability can be fixed by updating to VNC Server version 6.11 and VNC Viewer version 6.22.826.
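To check a Windows host against the version ranges above, the following PowerShell inventory is an added example and not code from cirosec or RealVNC. It assumes the products register in the standard Uninstall registry keys with a Publisher value starting with "RealVNC" and a DisplayName containing "VNC Server" or "VNC Viewer"; the function names are hypothetical.

```powershell
# Added example, not vendor code. Version ranges are the ones stated in this advisory.
$Advisory = @{
    'VNC Server' = @{ First = [version]'5.1.0'; Last = [version]'6.10.1';   Fixed = [version]'6.11.0' }
    'VNC Viewer' = @{ First = [version]'5.1.0'; Last = [version]'6.22.515'; Fixed = [version]'6.22.826' }
}

function ConvertTo-Version3 {
    # Normalize "6.11" or "6.10.1.47571" to exactly major.minor.patch, so a trailing
    # build number cannot push an affected install above the advisory's upper bound.
    param([string]$Text)
    $parts = @([regex]::Matches($Text, '\d+') | ForEach-Object { [int]$_.Value })
    if ($parts.Count -eq 0) { return $null }
    while ($parts.Count -lt 3) { $parts += 0 }
    return New-Object System.Version -ArgumentList $parts[0], $parts[1], $parts[2]
}

function Get-AdvisoryStatus {
    param([string]$Product, [string]$DisplayVersion)
    $range = $Advisory[$Product]
    $v = ConvertTo-Version3 $DisplayVersion
    if ($null -eq $v)        { return 'Unknown version' }
    if ($v -ge $range.Fixed) { return 'Fixed' }
    if ($v -ge $range.First -and $v -le $range.Last) { return 'Affected' }
    return 'Not listed in advisory'
}

# Standard per-machine uninstall keys (64-bit and 32-bit registry views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.Publisher -like 'RealVNC*' } |          # assumption: publisher string
    ForEach-Object {
        $entry = $_
        foreach ($product in $Advisory.Keys) {
            if ($entry.DisplayName -like "*$product*") {      # assumption: display name
                [pscustomobject]@{
                    Computer = $env:COMPUTERNAME
                    Product  = $product
                    Version  = $entry.DisplayVersion
                    Status   = Get-AdvisoryStatus $product $entry.DisplayVersion
                }
            }
        }
    }
```

"Not listed in advisory" covers versions below 5.1.0 and versions between the last affected release and the fixed release, which the advisory does not classify.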
References
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-41975
Credits
Jan-Luca Gruber (cirosec GmbH)
Initial disclosure of the vulnerability to the vendor
First response from the vendor
Vendor confirmed the vulnerability and informed us about planned patches and CVE request
Patches are published, and a CVE is assigned