CVE-2023-27830

Published: Apr 12, 2023Modified: Feb 8, 2025

9.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Exploitability: 2.3 / Impact: 6.0

Source: NVD

Description

TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.

Affected (1)

Products: Tightvnc: Tightvnc

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tightvnc Tightvnc	Before 2.8.75

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.tightvnc.com/news.php

Source: cve@mitre.org

ProductRelease Notes

https://www.tightvnc.com/whatsnew.php

Source: cve@mitre.org

ProductRelease Notes

https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.tightvnc.com/news.php

Source: af854a3a-2127-422b-91ae-364da2661108

ProductRelease Notes

https://www.tightvnc.com/whatsnew.php

Source: af854a3a-2127-422b-91ae-364da2661108

ProductRelease Notes

Timeline

No history available yet.