Thursday, January 23, 2025
Follow us On Linkedin
HomeCyber Security News37 Vulnerabilities Found in 4 Popular Open-Source VNC Remote Access Software

37 Vulnerabilities Found in 4 Popular Open-Source VNC Remote Access Software

Cyber Security NewsVulnerability

Published on

By Gurubaran
VNC

Free Webinar DevSecOps Hacks

SIEM as a Service

Follow Us on Google News

Researchers found 37 vulnerabilities in four common open-source VNC remote desktop applications that exist since 1999. These vulnerabilities allow attackers to compromise the targeted systems remotely.

According to Kaspersky’s analysis, more than 600,000 VNC servers accessed remotely over the Internet, based on the data collected using the Shodan search engine.

37 Vulnerabilities

37 vulnerability discovered with four VNC components that include ten in LibVNC, four in TightVNC 1.X, one in TurboVNC and 22 in UltraVNC.

The VNC applications are available in both free and commercial versions, they are compatible with operating systems like Windows, Linux, macOS, and Android.

VNC applications contain two components one to be deployed in the server and next with the client machine that used to access the server.

Kaspersky researchers found vulnerabilities in both the server and client components, linked to incorrect memory usage that leads to malfunctions and denial of service.

In some extensive cases, the vulnerabilities let attackers gain unauthorized access to the device or to deploy malware on the victim machine.

Following are the possible attack vectors

  • An attacker is on the same network with the VNC server and attacks it to gain the ability to execute code on the server with the server’s privileges.
  • A user connects to an attacker’s ‘server’ using a VNC client and the attacker exploits vulnerabilities in the client to attack the user and execute code on the user’s machine.

The bugs have been reported to the developers and most of them have been fixed already, except TightVNC 1.x which was no longer supported. Developers recommended using TightVNC 2.X versions.

Researchers recommended monitoring the remote access programs in your infrastructure, check the devices connecting remotely and recommend using strong passwords.

Do not establish a connection with untrusted or untested VNC servers and to use specialized security solutions for industrial automation systems.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Cyber Attack

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...
Browser

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...
ChatGPT

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...
Cyber Security News

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

Register Now

More like this

Cyber Attack

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...
ChatGPT

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...
Cyber Security News

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved