Vulnerability Description
TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system by replacing legitimate files with crafted files when executing a file transfer. This is possible because TightVNC runs in the backend under a high-privilege account.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tightvnc | Tightvnc | < 2.8.75 |
References
- https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightv (Exploit, Third Party Advisory)
- https://www.tightvnc.com/news.php (Product, Release Notes)
- https://www.tightvnc.com/whatsnew.php (Product, Release Notes)
FAQ
What is CVE-2023-27830?
CVE-2023-27830 is a vulnerability with a CVSS score of 9.0 (CRITICAL). TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact t...
How severe is CVE-2023-27830?
CVE-2023-27830 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-27830?
Check the references section above for vendor advisories and patch information. Affected products include: Tightvnc Tightvnc.