Vulnerability Details CVE-2023-27830
TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.7%
CVSS Severity
CVSS v3 Score 9.0
References
- https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce
- https://www.tightvnc.com/news.php
- https://www.tightvnc.com/whatsnew.php
- https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce
- https://www.tightvnc.com/news.php
- https://www.tightvnc.com/whatsnew.php
Products affected by CVE-2023-27830
-
cpe:2.3:a:tightvnc:tightvnc:-
-
cpe:2.3:a:tightvnc:tightvnc:1.3.10
-
cpe:2.3:a:tightvnc:tightvnc:1.3.9
-
cpe:2.3:a:tightvnc:tightvnc:2.8.59
-
cpe:2.3:a:tightvnc:tightvnc:2.8.63