PT-2024-5590 · Neat Vnc+2 · Neat Vnc+2

Dane Bouchie

Published

2024-08-01

Updated

2024-11-23

CVE-2024-42458

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Neat VNC versions prior to 0.8.1

Description The issue is related to a flaw in the authentication procedure of the server.c file in the Neat VNC server library, which allows remote access to computers. This flaw can be exploited by a remote attacker to bypass existing security restrictions. The problem is associated with the improper validation of the security type.

Recommendations For versions prior to 0.8.1, update to version 0.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the server.c file or implementing additional security measures to minimize the risk of exploitation.

Fix

Improper Authentication

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-20

Related Identifiers

ALT-PU-2024-15107

BDU:2024-06275

CVE-2024-42458

OPENSUSE-SU-2024:14238-1

Affected Products

Alt Linux

Debian

Neat Vnc

PT-2024-5590 · Neat Vnc+2 · Neat Vnc+2

CVE-2024-42458

Weakness Enumeration

Related Identifiers

Affected Products

References · 22