CVE-2022-41975 VNC Server and Viewer can be exploited locally by MSI installer repair mode.
CVE-2019-1238 is rated as critical due to the fact that it can be exploited to achieve remote code execution on the client, as well as on the server. Windows 10, Windows Server 2019, and Windows Server, version 1809 are not supported before these releases. VNC server on Windows 7 and Windows Server 2008 is also vulnerable. Due to the fact that the majority of VNC clients use MSI files to install, attackers can exploit the local privilege escalation to install malware on the client. VNC viewers like Irssi, XChat, and mVm view also use MSI files to install, which allows attackers to exploit the same vulnerability to install malware on the viewer. This can lead to remote code execution on the client machine, as well as on the server. VNC is a common security risk because of its cross-platform nature and zero-configuration setup. Attackers can leverage the vulnerability to install malware on the client, server, or both.
VNC Overview
VNC or Virtual Network Computing is a remote desktop protocol used by many different operating systems and devices. VNC is a cross-platform solution that supports protocols like RDP, XDMCP, and SSH.
Since the vulnerability exists in the protocol, not the software itself, it has been able to be exploited by attackers on both Windows and Linux. The vulnerability allows for an attacker to install malware on the client machine, server machine, or both machines exploiting their trusted relationship with their user. The console service on these two platforms can also be remotely controlled through this same process.
Vulnerability details
CVE-2019-1238 is rated as critical because it can be exploited to achieve remote code execution on the client, as well as on the server. VNC server on Windows 7 and Windows Server 2008 are also vulnerable. Due to this, attackers can exploit the local privilege escalation to install malware on the client. VNC viewers like Irssi, XChat, and mVm view also use MSI files to install, which allows attackers to exploit the same vulnerability to install malware on the viewer. This can lead to remote code execution on the client machine, as well as on the server.
Windows version disclosure
CVE-2019-1238 does not require an attacker to be authenticated or even on the same network as the vulnerable device. It is a remote code execution vulnerability that can lead to sensitive information disclosure, such as authentication credentials. It also has potential to cause data corruption and system instability, which could result in denial of service. This vulnerability is rated critical because it can be exploited to achieve remote code execution on the client and server, and because it only requires low privileges. Additionally, Windows 10, Windows Server 2019, and Windows Server 1809 are not supported before these releases. VNC server on Windows 7 and Windows Server 2008 are also vulnerable. With this in mind, it is important to properly patch your devices with a recent release of software before exploitation occurs.
Microsoft Windows:
A Risks of VNC
The risk of the vulnerability is that it can be exploited to install malware on the client, server, or both. VNC is a common security risk because of its cross-platform nature and zero-configuration setup. Attackers can leverage the vulnerability to install malware on the client, server, or both. Microsoft Windows 10, Windows Server 2019, and Windows Server 1809 are not supported before these releases.
VNC Server
VNC servers are vulnerable to CVE-2022-41975. VNC servers, like RealVNC and others, use MSI files to install the server software on Windows machines. If the client is using an MSI file to install VNC, an attacker can leverage this vulnerability to execute arbitrary code on the client machine. This can lead to remote code execution on the client. Attackers can also exploit this vulnerability to execute arbitrary code on a VNC server, if they have access
Timeline
Published on: 09/30/2022 18:15:00 UTC
Last modified on: 10/04/2022 17:12:00 UTC