Updated November 25th, 2019 at 19:55 IST

Security researchers uncover 37 vulnerabilities in open-source VNC systems

Security researchers at Kaspersky revealed memory corruption vulnerabilities in open-source Virtual Network Computing (VNC) systems. All you need to know.

Reported by: Tech Desk

Security researchers revealed memory corruption vulnerabilities in open-source Virtual Network Computing (VNC) systems and warned that exploitation of these vulnerabilities could lead to remote code execution affecting users. According to shodan.io, more than 600,000 VNC servers are accessible from the global network. However, the real number of VNC installations is many times higher once devices that are only accessible within local networks are counted.

VNC systems provide remote access to one device from another by means of the remote frame buffer (RFB) protocol. According to researchers at cybersecurity firm Kaspersky, VNC systems have become some of the most popular desktop sharing tools to date thanks to their availability on multiple platforms and the existence of multiple open-source versions. Approximately 32 per cent of industrial network computers have some form of remote administration tool, including VNC, and these tools are actively used in automated industrial facilities to enable remote control of systems.

Study findings

-- Researchers say the prevalence of VNC systems, and of vulnerable ones in particular, is a significant issue for the industrial sector.

-- Potential damage can bring significant losses through disruption of complex production processes.

-- Researchers studied some of the most popular VNC systems, such as LibVNC, UltraVNC, TightVNC 1.X and TurboVNC.

-- Although these VNC systems had previously been analyzed by other researchers, it turned out that not all vulnerabilities had been uncovered and patched.

-- Researchers say 37 CVE records marking various vulnerabilities were created.

-- Vulnerabilities were found not only on the client side but also on the server side of the system.

-- Some of the vulnerabilities in VNC systems can allow remote code execution.

-- Vulnerable VNC systems could allow a malicious actor to make arbitrary changes on the attacked systems.

-- Many server-side vulnerabilities could only be exploited after password authentication.

-- Some servers do not allow password-free access to be set up.

Pavel Cheremushkin, Kaspersky ICS CERT Vulnerability Researcher, said: “I was surprised to see the simplicity of discovered vulnerabilities, especially considering their significant lifetime. This means that attackers could have noticed and taken advantage of the vulnerabilities a long time ago. Moreover, some classes of vulnerabilities are present in many open-source projects and remain there even after refactoring of the codebase, which included vulnerable code.”

Published November 25th, 2019 at 19:23 IST
