PT-2022-5791 · Microsoft+1 · Windows+2
Published: 2022-09-30 · Updated: 2025-05-20 · CVE-2022-41975
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
RealVNC VNC Server versions prior to 6.11.0
RealVNC VNC Viewer versions prior to 6.22.826 on Windows
Description
The issue is insecure privilege management in RealVNC: an attacker can exploit the MSI installer Repair mode to escalate their privileges, resulting in local privilege escalation.
Recommendations
For RealVNC VNC Server versions prior to 6.11.0, update to version 6.11.0 or later to resolve the issue.
For RealVNC VNC Viewer versions prior to 6.22.826 on Windows, update to version 6.22.826 or later to resolve the issue.
As a temporary workaround, consider restricting access to the MSI installer Repair mode until a patch is applied.
Fix
LPE
Improper Privilege Management
Affected Products
RealVNC VNC Server
RealVNC Viewer
Windows