PT-2024-5229 · Tightvnc · Tightvnc
Published: 2024-07-27 · Updated: 2024-08-01 · CVE-2024-42049
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
TightVNC (Server for Windows) versions prior to 2.8.84
Description:
The issue is in the Control Pipe Handler component of the TightVNC remote desktop access system. It allows attackers to bypass the authentication procedure by using an alternative path or channel, which can enable a remote attacker to connect to the control pipe over a network connection without authorization.
Recommendations:
For versions prior to 2.8.84, update to version 2.8.84 or later to resolve the issue.
As a temporary workaround, consider restricting network access to the control pipe until a patch is applied.
Exploit
Fix
Authentication Bypass Using an Alternate Path or Channel
Information Disclosure
Affected Products
Tightvnc