Kaspersky presented on Friday an analysis of open source Virtual Network Computing (VNC) which uncovered memory corruption vulnerabilities that existed in a substantial number of projects for a significant period of time.
According to shodan.io, the exploitation of some detected vulnerabilities could lead to remote code execution affecting the users of VNC systems, which amounts to over 600,000 servers accessible from the global network.
VNC systems provide remote access to one device from another through the use of remote frame buffer (RFB) protocol. Due to its availability on multiple platforms and presence of multiple open sources, VNC systems have become some of the more popular desktop sharing tools to date.
They are actively used in automated industrial facilities enabling remote control of systems, and approximately 32% of industrial network computers having some form of remote administration tools, including VNC.
The prevalence of such systems in general, and particularly ones that are vulnerable, is a significant issue for the industrial sector as potential damages can bring significant losses through disruption of complex production processes.
As such, Kaspersky researchers studied some VNC systems including LibVNC, UltraVNC, TightVNC1.X and TurboVNC.
Although these VNC projects were previously analyzed by other researchers, not all vulnerabilities were uncovered and patched. As a result of Kaspersky’s analysis, 37 CVE records marking various vulnerabilities were created.
Vulnerabilities were found not only on the client, but also on the server-side of the system. Some allowed remote code execution, which can then permit a malicious actor to make arbitrary changes on the attacked systems. Alternatively, many server-side vulnerabilities could only be exploited after password authentication, and some servers do not allow password-free access.
No comments:
Post a Comment