CVE-2022-27502 - RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an inst

CVE-2022-27502

Summary

RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM.

References

https://realvnc.com
https://help.realvnc.com/hc/en-us/articles/360002478311-Are-there-any-known-security-vulnerabilities-#cve-2008-4770-moderate-%E2%80%94-only-affects-vnc-viewer--0-1

Vulnerable Configurations

cpe:2.3:a:realvnc:vnc_server:*:*:*:*:*:*:*:*
cpe:2.3:a:realvnc:vnc_server:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 17-06-2022 - 16:22)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

Last major update

17-06-2022 - 16:22

Published

10-06-2022 - 13:15

Last modified

17-06-2022 - 16:22