Kaspersky researchers have identified dozens of vulnerabilities in four popular open source virtual network computing (VNC) systems, but fortunately the majority of them have been patched.
VNC systems use the remote frame buffer (RFB) protocol to allow users to remotely control a device. According to Kaspersky, VNC is often used in industrial environments and many manufacturers of industrial control systems (ICS) use VNC to add remote administration capabilities to their products.
Kaspersky has analyzed four widely used open source VNC systems, including LibVNC, UltraVNC, TightVNC and TurboVNC. The cybersecurity firm says UltraVNC and TightVNC are often recommended by industrial automation system vendors for connecting to human-machine interfaces (HMIs).
A total of 37 CVE identifiers have been assigned to the vulnerabilities found by Kaspersky in server and client software. Some of the flaws can be exploited for remote code execution, allowing the attacker to make changes to the targeted system. Over 20 of the security bugs were identified in UltraVNC.
In some cases, the security firm noted, the flaws found as part of this research project were variations of previously identified weaknesses.
The server-side vulnerabilities can be exploited by an attacker who is on the same network as the targeted VNC server. However, there are over 600,000 servers directly accessible from the internet, according to data from Shodan.
The client-side weaknesses can be exploited when the user connects to a server controlled by the attacker using a vulnerable VNC client.
Most of the 37 vulnerabilities have been patched. In the case of TightVNC, however, TightVNC 1.X has been discontinued and package maintainers have not released any fixes, despite being notified in January 2019.
Kaspersky pointed out that while some of these vulnerabilities can pose a serious risk, particularly in ..
Support the originator by clicking the read the rest link below.
