CVE-2023-27830
Severity CVSS v4.0:
Pending analysis
Type:
CWE-269
Improper Privilege Management
Publication date:
12/04/2023
Last modified:
08/02/2025
Description
TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.
Impact
Base Score 3.x
9.00
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:tightvnc:tightvnc:*:*:*:*:*:*:*:* | 2.8.75 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce
- https://www.tightvnc.com/news.php
- https://www.tightvnc.com/whatsnew.php
- https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce
- https://www.tightvnc.com/news.php
- https://www.tightvnc.com/whatsnew.php