First published: Wed Apr 12 2023
TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system by replacing legitimate files with crafted files when executing a file transfer. This is because TightVNC runs in the backend as a high-privilege account.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tightvnc Tightvnc | <2.8.75 | |
The vulnerability ID of the TightVNC vulnerability is CVE-2023-27830.
CVE-2023-27830 has a severity rating of critical.
An attacker can exploit CVE-2023-27830 by replacing legitimate files with crafted files during a file transfer, allowing them to escalate privileges on the host operating system.
TightVNC versions up to and excluding 2.8.75 are affected by CVE-2023-27830.
More information about CVE-2023-27830 is available at the following links: [Link 1](https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce), [Link 2](https://www.tightvnc.com/news.php), [Link 3](https://www.tightvnc.com/whatsnew.php).